5.8

CVE-2009-2068

Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OperaOpera Version5..10
OperaOpera Version5.0
OperaOpera Version5.0 Updatebeta_2
OperaOpera Version5.0 Updatebeta_3
OperaOpera Version5.0 Updatebeta_4
OperaOpera Version5.0 Updatebeta_5
OperaOpera Version5.0 Updatebeta_6
OperaOpera Version5.0 Updatebeta_7
OperaOpera Version5.0 Updatebeta_8
OperaOpera Version5.1
OperaOpera Version5.02
OperaOpera Version5.2
OperaOpera Version5.3
OperaOpera Version5.4
OperaOpera Version5.5
OperaOpera Version5.6
OperaOpera Version5.7
OperaOpera Version5.8
OperaOpera Version5.9
OperaOpera Version5.10
OperaOpera Version5.11
OperaOpera Version5.12
OperaOpera Version6 Updatebeta_1
OperaOpera Version6.0
OperaOpera Version6.0 Updatebeta_1
OperaOpera Version6.0 Updatebeta_2
OperaOpera Version6.0 Updatebeta_3
OperaOpera Version6.1
OperaOpera Version6.01
OperaOpera Version6.02
OperaOpera Version6.03
OperaOpera Version6.04
OperaOpera Version6.05
OperaOpera Version6.06
OperaOpera Version6.11
OperaOpera Version6.12
OperaOpera Version7 Updatebeta_1
OperaOpera Version7.0
OperaOpera Version7.0 Updatebeta_1
OperaOpera Version7.0 Updatebeta_1v2
OperaOpera Version7.0 Updatebeta_2
OperaOpera Version7.01
OperaOpera Version7.02
OperaOpera Version7.03
OperaOpera Version7.10
OperaOpera Version7.11
OperaOpera Version7.20
OperaOpera Version7.20 Updatebeta7
OperaOpera Version7.21
OperaOpera Version7.22
OperaOpera Version7.23
OperaOpera Version7.30
OperaOpera Version7.50
OperaOpera Version7.50 Updatebeta_1
OperaOpera Version7.51
OperaOpera Version7.52
OperaOpera Version7.54
OperaOpera Version7.54 Updateupdate_1
OperaOpera Version7.55
OperaOpera Version8.0
OperaOpera Version8.0 Updatebeta_1
OperaOpera Version8.0 Updatebeta_2
OperaOpera Version8.01
OperaOpera Version8.02
OperaOpera Version8.51
OperaOpera Version8.52
OperaOpera Version8.53
OperaOpera Version8.54
OperaOpera Version9.0 Updatebeta_1
OperaOpera Version9.01
OperaOpera Version9.02
OperaOpera Version9.10
OperaOpera Version9.20
OperaOpera Version9.21
OperaOpera Version9.23
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.394
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.