CVE-2009-2067

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
operaopera_browser
𝑥
≤ 9.22
operaopera_browser
7.0
operaopera_browser
7.23
operaopera_browser
7.53
operaopera_browser
7.54
operaopera_browser
7.60
operaopera_browser
8.0
operaopera_browser
8.01
operaopera_browser
8.02
operaopera_browser
8.50
operaopera_browser
8.51
operaopera_browser
8.52
operaopera_browser
8.53
operaopera_browser
8.54
operaopera_browser
9.0
operaopera_browser
9.01
operaopera_browser
9.02
operaopera_browser
9.10
operaopera_browser
9.12
operaopera_browser
9.20
operaopera_browser
9.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.securityfocus.com/bid/35403
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.securityfocus.com/bid/35403