CVE-2010-2660

high

Description

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11603

http://www.vupen.com/english/advisories/2010/1673

http://www.vupen.com/english/advisories/2010/1529

http://www.securityfocus.com/bid/40973

http://www.opera.com/support/search/view/961/

http://www.opera.com/docs/changelogs/windows/1054/

http://www.opera.com/docs/changelogs/unix/1060/

http://www.opera.com/docs/changelogs/mac/1054/

http://secunia.com/advisories/40250

Details

Source: Mitre, NVD

Published: 2010-07-08

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.01003