VIR Vulnerability Intelligence Relay

CVE-2010-2576

medium
Published 2010-08-16 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
6.8

Description

Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
operaopera_browser{"endIncluding":"10.60"}
operaopera_browser1.00
operaopera_browser2.00
operaopera_browser2.10
operaopera_browser2.12
operaopera_browser3.00
operaopera_browser3.10
operaopera_browser3.21
operaopera_browser3.50
operaopera_browser3.51
operaopera_browser3.60
operaopera_browser3.61
operaopera_browser3.62
operaopera_browser4.00
operaopera_browser4.01
operaopera_browser4.02
operaopera_browser5.0
operaopera_browser5.02
operaopera_browser5.10
operaopera_browser5.11
operaopera_browser5.12
operaopera_browser6.0
operaopera_browser6.1
operaopera_browser6.01
operaopera_browser6.02
operaopera_browser6.03
operaopera_browser6.04
operaopera_browser6.05
operaopera_browser6.06
operaopera_browser6.11
operaopera_browser6.12
operaopera_browser7.0
operaopera_browser7.01
operaopera_browser7.02
operaopera_browser7.03
operaopera_browser7.10
operaopera_browser7.11
operaopera_browser7.20
operaopera_browser7.21
operaopera_browser7.22
operaopera_browser7.23
operaopera_browser7.50
operaopera_browser7.51
operaopera_browser7.52
operaopera_browser7.53
operaopera_browser7.54
operaopera_browser7.60
operaopera_browser8.0
operaopera_browser8.01
operaopera_browser8.02
operaopera_browser8.50
operaopera_browser8.51
operaopera_browser8.52
operaopera_browser8.53
operaopera_browser8.54
operaopera_browser9.0
operaopera_browser9.01
operaopera_browser9.02
operaopera_browser9.10
operaopera_browser9.12
operaopera_browser9.20
operaopera_browser9.21
operaopera_browser9.22
operaopera_browser9.23
operaopera_browser9.24
operaopera_browser9.25
operaopera_browser9.26
operaopera_browser9.27
operaopera_browser9.50
operaopera_browser9.51
operaopera_browser9.52
operaopera_browser9.60
operaopera_browser9.61
operaopera_browser9.62
operaopera_browser9.63
operaopera_browser9.64
operaopera_browser10.00
operaopera_browser10.01
operaopera_browser10.10
operaopera_browser10.11
operaopera_browser10.20
operaopera_browser10.50
operaopera_browser10.51
operaopera_browser10.52
operaopera_browser10.53
operaopera_browser10.54
operaopera_browser10.60

References

CWEs

CWE-94

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.