CVE-2009-2067
Opera < 9.22 - Improper Authentication via HTTPS Frame Injection
Title source: llmDescription
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
References (3)
Core References (3)
http://www.securityfocus.com/bid/35403 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf (Vendor Advisory; x_refsource_misc)
http://research.microsoft.com/apps/pubs/default.aspx?id=79323 (Vendor Advisory; x_refsource_misc)
Scores
EPSS: 0.0027
EPSS Percentile: 50.0%
Details
CWE: CWE-287
Status: published
Products (21)
opera/opera_browser 7.0
opera/opera_browser 7.23
opera/opera_browser 7.53
opera/opera_browser 7.54
opera/opera_browser 7.60
opera/opera_browser 8.0
opera/opera_browser 8.01
opera/opera_browser 8.02
opera/opera_browser 8.50
opera/opera_browser 8.51
... and 11 more
Published: Jun 15, 2009
Tracked Since: Feb 18, 2026