Vulnerability Details : CVE-2004-2659
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
Products affected by CVE-2004-2659
- cpe:2.3:a:mozilla:mozilla:-:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2659
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2659
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N |
4.9
|
4.9
|
NIST |
CWE ids for CVE-2004-2659
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-2659
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html
Broken Link;Exploit
-
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
Exploit;Vendor Advisory
Jump to