CVE-2004-1490

Name of the Vulnerable Software and Affected Versions Opera versions 7.54 and earlier

Description The issue allows remote attackers to spoof file types in the download dialog. This is achieved via dots and non-breaking spaces (ASCII character code 160) in the Content-Disposition or Content-Type headers. A malicious user can send specially crafted headers to trick the user into executing malicious files, resulting in a loss of integrity.

Recommendations For Opera versions 7.54 and earlier, consider disabling the download dialog functionality until a patch is available. Restrict access to the Content-Disposition and Content-Type headers to minimize the risk of exploitation. Avoid using the Content-Disposition and Content-Type headers in the download dialog until the issue is resolved.