Description
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.
Product(s):
- Opera Browser
- Opera Browser 1.00
- Opera Browser 2.00
- Opera Browser 2.10
- Opera Browser 2.10b1
- Opera Browser 2.10b2
- Opera Browser 2.10b3
- Opera Browser 2.12
- Opera Browser 3.00
- Opera Browser 3.00b
- Opera Browser 3.10
- Opera Browser 3.21
- Opera Browser 3.50
- Opera Browser 3.51
- Opera Browser 3.60
- Opera Browser 3.61
- Opera Browser 3.62
- Opera Browser 3.62b
- Opera Browser 4.00
- Opera Browser 4.00b2
- Opera Browser 4.00b3
- Opera Browser 4.00b4
- Opera Browser 4.00b5
- Opera Browser 4.00b6
- Opera Browser 4.01
- Opera Browser 4.02
- Opera Browser 5.02
- Opera Browser 5.0
- Opera Browser 5.0 beta 2
- Opera Browser 5.0 beta 3
- Opera Browser 5.0 beta 4
- Opera Browser 5.0 beta 5
- Opera Browser 5.0 beta 6
- Opera Browser 5.0 beta 7
- Opera Browser 5.0 beta 8
- Opera Browser 5.10
- Opera Browser 5.11
- Opera Browser 5.12
- Opera Browser 6.01
- Opera Browser 6.02
- Opera Browser 6.03
- Opera Browser 6.04
- Opera Browser 6.05
- Opera Browser 6.06
- Opera Browser 6.0
- Opera Browser 6.0 beta 1
- Opera Browser 6.0 beta 2
- Opera Browser 6.0 beta 3
- Opera Browser 6.0 TP 1
- Opera Browser 6.0 TP 2
- Opera Browser 6.0 TP 3
- Opera Browser 6.10
- Opera Browser 6.11
- Opera Browser 6.12
- Opera Browser 6.1
- Opera Browser 6.1 beta 1
- Opera Browser 7.01
- Opera Browser 7.02
- Opera Browser 7.03
- Opera Browser 7.0
- Opera Browser 7.0 beta 1
- Opera Browser 7.0 beta 1 v2
- Opera Browser 7.0 beta 2
- Opera Browser 7.10
- Opera Browser 7.10 beta 1
- Opera Browser 7.11
- Opera Browser 7.11 beta 2
- Opera Browser 7.20
- Opera Browser 7.20 beta 7
- Opera Browser 7.21
- Opera Browser 7.22
- Opera Browser 7.23
- Opera Browser 7.30
- Opera Browser 7.50
- Opera Browser 7.50 beta 1
- Opera Browser 7.51
- Opera Browser 7.52
- Opera Browser 7.53
- Opera Browser 7.54
- Opera Browser 7.54 update 1
- Opera Browser 7.54 update 2
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1490, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1490 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.