Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2491

Description

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.

Affected products

Opera (company)/Opera Browser
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
Range: <=7.53

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/12162nvdBroken LinkPatch
www.opera.com/windows/changelogs/754/nvdBroken LinkPatch
archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.htmlnvdBroken LinkExploit
www.osvdb.org/8317nvdBroken LinkExploit
www.securityfocus.com/bid/10810nvdBroken LinkExploitPatchThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/16816nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000