CVE-2009-3047

high

Description

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6460

http://www.opera.com/support/kb/view/930/

http://www.opera.com/docs/changelogs/windows/1000/

http://www.opera.com/docs/changelogs/solaris/1000/

http://www.opera.com/docs/changelogs/mac/1000/

http://www.opera.com/docs/changelogs/linux/1000/

http://www.opera.com/docs/changelogs/freebsd/1000/

Details

Source: Mitre, NVD

Published: 2009-09-02

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.006

Detections

Analytics