Details of VAR-201402-0303

ID

VAR-201402-0303

CVE

CVE-2014-1870

TITLE

Mac OS X Run on Opera Vulnerable to address bar spoofing

Trust: 0.8

sources: JVNDB: JVNDB-2014-001346

DESCRIPTION

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site. Opera Web Browser versions prior to 19.00 are vulnerable. It supports multi-window browsing and a customizable user interface

Trust: 1.98

sources: NVD: CVE-2014-1870 // JVNDB: JVNDB-2014-001346 // BID: 65614 // VULHUB: VHN-69809

AFFECTED PRODUCTS

vendor:	opera	model:	browser	scope:	eq	version:	16.00	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	10.00	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	10.10	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	12.15	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	15.00	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	10.11	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	10.01	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	11.50	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.01	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.13	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.61	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.14	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	17.00	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.60	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.65	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.12	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.00	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.61	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.51	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.67	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.10	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.66	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.51	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.11	Trust: 1.0
vendor:	opera	model:	browser	scope:	lte	version:	18.00	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.63	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.11	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.62	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.10	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.50	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.00	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.52	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.62	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	12.02	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.53	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.52	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.01	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	1.00	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.64	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.20	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.60	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.54	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	11.52.1100	Trust: 1.0
vendor:	opera asa	model:	opera	scope:	lt	version:	19	Trust: 0.8
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.54	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.53	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.51	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.23	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.22	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.21	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.20	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	5.12	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.64	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.63	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.62	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.61	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.60	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.51	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	9.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.5	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.27	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.26	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.25	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.24	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.23	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.22	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.21	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.20	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.02	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.54	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.53	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	12	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.64	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.62	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.61	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.60	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.51	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.11	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	11.00	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.63	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.62	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.61	Trust: 0.3
vendor:	opera	model:	software opera web browser beta1	scope:	eq	version:	10.60	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.60	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.54	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.53	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.51	Trust: 0.3
vendor:	opera	model:	software opera web browser beta2	scope:	eq	version:	10.50	Trust: 0.3
vendor:	opera	model:	software opera web browser beta1	scope:	eq	version:	10.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.50	Trust: 0.3
vendor:	opera	model:	software opera web browser beta1	scope:	eq	version:	10.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.01	Trust: 0.3
vendor:	opera	model:	software opera web browser beta3	scope:	eq	version:	10.00	Trust: 0.3
vendor:	opera	model:	software opera web browser beta2	scope:	eq	version:	10.00	Trust: 0.3
vendor:	opera	model:	software opera web browser beta1	scope:	eq	version:	10.00	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.00	Trust: 0.3
vendor:	opera	model:	web browser	scope:	eq	version:	11.52	Trust: 0.3

sources: BID: 65614 // JVNDB: JVNDB-2014-001346 // CNNVD: CNNVD-201402-084 // NVD: CVE-2014-1870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1870
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-1870
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-084
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-69809
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-1870
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-69809
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-69809 // JVNDB: JVNDB-2014-001346 // CNNVD: CNNVD-201402-084 // NVD: CVE-2014-1870

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-1870

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-084

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201402-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001346

PATCH

title:

Security changes and features of Opera 19

url:

http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/

Trust: 0.8

sources: JVNDB: JVNDB-2014-001346

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1870	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001346	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-084	Trust: 0.7
db:	BID	id:	65614	Trust: 0.4
db:	VULHUB	id:	VHN-69809	Trust: 0.1

sources: VULHUB: VHN-69809 // BID: 65614 // JVNDB: JVNDB-2014-001346 // CNNVD: CNNVD-201402-084 // NVD: CVE-2014-1870

REFERENCES

url:	http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1870	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1870	Trust: 0.8
url:	http://blogs.opera.com/desktop/changelog19/	Trust: 0.3
url:	http://www.opera.com/	Trust: 0.3

sources: VULHUB: VHN-69809 // BID: 65614 // JVNDB: JVNDB-2014-001346 // CNNVD: CNNVD-201402-084 // NVD: CVE-2014-1870

CREDITS

Jordi Chancel

Trust: 0.3

sources: BID: 65614

SOURCES

db:	VULHUB	id:	VHN-69809
db:	BID	id:	65614
db:	JVNDB	id:	JVNDB-2014-001346
db:	CNNVD	id:	CNNVD-201402-084
db:	NVD	id:	CVE-2014-1870

LAST UPDATE DATE

2024-11-23T23:12:47.531000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-69809	date:	2014-02-07T00:00:00
db:	BID	id:	65614	date:	2015-03-19T08:41:00
db:	JVNDB	id:	JVNDB-2014-001346	date:	2014-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201402-084	date:	2014-02-10T00:00:00
db:	NVD	id:	CVE-2014-1870	date:	2024-11-21T02:05:10.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-69809	date:	2014-02-06T00:00:00
db:	BID	id:	65614	date:	2014-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-001346	date:	2014-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201402-084	date:	2014-02-10T00:00:00
db:	NVD	id:	CVE-2014-1870	date:	2014-02-06T23:55:04.057