CVE-2009-3049
Opera < 10.00 - URL Spoofing via Internationalized Domain Name Display
Title source: llmDescription
Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/solaris/1000/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1000/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1000/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/freebsd/1000/
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6235
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/linux/1000/
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/932/
Scores
EPSS
0.0060
EPSS Percentile
69.7%
Details
Status
published
Products (25)
opera/opera_browser
7.0
opera/opera_browser
7.23
opera/opera_browser
7.53
opera/opera_browser
7.54
opera/opera_browser
7.60
opera/opera_browser
8.0
opera/opera_browser
8.01
opera/opera_browser
8.02
opera/opera_browser
8.50
opera/opera_browser
8.51
... and 15 more
Published
Sep 02, 2009
Tracked Since
Feb 18, 2026