Filtered by vendor Opera
Subscribe
Search
Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3389 | 4 Google, Microsoft, Mozilla and 1 more | 5 Chrome, Internet Explorer, Windows and 2 more | 2021-07-23 | 4.3 MEDIUM | N/A |
| The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | |||||
| CVE-2010-2664 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning. | |||||
| CVE-2006-6955 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | |||||
| CVE-2010-2421 | 1 Opera | 1 Opera Browser | 2018-10-30 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues. | |||||
| CVE-2010-2663 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element. | |||||
| CVE-2010-2661 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations. | |||||
| CVE-2007-5274 | 3 Mozilla, Opera, Sun | 5 Firefox, Opera Browser, Jdk and 2 more | 2018-10-30 | 2.6 LOW | N/A |
| Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | |||||
| CVE-2009-3266 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." | |||||
| CVE-2010-1728 | 3 Apple, Microsoft, Opera | 3 Mac Os X, Windows, Opera Browser | 2018-10-30 | 9.3 HIGH | N/A |
| Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. | |||||
| CVE-2009-3045 | 1 Opera | 1 Opera Browser | 2018-10-30 | 5.0 MEDIUM | N/A |
| Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. | |||||
| CVE-2009-3047 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. | |||||
| CVE-2009-3013 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
| CVE-2009-2540 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
| CVE-2009-2351 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected. | |||||
| CVE-2009-2067 | 1 Opera | 1 Opera Browser | 2018-10-30 | 6.8 MEDIUM | N/A |
| Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | |||||
| CVE-2009-2059 | 1 Opera | 1 Opera Browser | 2018-10-30 | 6.8 MEDIUM | N/A |
| Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||
| CVE-2009-3831 | 3 Microsoft, Opera, Opera Software | 4 Windows, Brew Browser, Opera Browser and 1 more | 2018-10-30 | 9.3 HIGH | N/A |
| Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | |||||
| CVE-2009-3832 | 3 Microsoft, Opera, Opera Software | 4 Windows, Brew Browser, Opera Browser and 1 more | 2018-10-30 | 5.8 MEDIUM | N/A |
| Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | |||||
| CVE-2009-4071 | 1 Opera | 1 Opera Browser | 2018-10-30 | 5.8 MEDIUM | N/A |
| Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2009-4072 | 1 Opera | 1 Opera Browser | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." | |||||
| CVE-2009-3049 | 1 Opera | 1 Opera Browser | 2018-10-30 | 5.0 MEDIUM | N/A |
| Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | |||||
| CVE-2010-2666 | 3 Apple, Microsoft, Opera | 3 Mac Os X, Windows, Opera Browser | 2018-10-30 | 9.3 HIGH | N/A |
| Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. | |||||
| CVE-2010-2455 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | |||||
| CVE-2010-2659 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site. | |||||
| CVE-2010-2665 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site." | |||||
| CVE-2010-2660 | 4 Apple, Microsoft, Opera and 1 more | 4 Mac Os X, Windows, Opera Browser and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters. | |||||
| CVE-2010-2662 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click." | |||||
| CVE-2010-2658 | 1 Opera | 1 Opera Browser | 2018-10-30 | 4.3 MEDIUM | N/A |
| Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site. | |||||
| CVE-2009-1599 | 2 Adobe, Opera | 2 Acrobat Reader, Opera Browser | 2018-10-30 | 9.3 HIGH | N/A |
| Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content." | |||||
| CVE-2006-1834 | 1 Opera | 1 Opera Browser | 2018-10-18 | 5.1 MEDIUM | N/A |
| Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. | |||||
| CVE-2007-1737 | 1 Opera | 1 Opera Browser | 2018-10-16 | 7.5 HIGH | N/A |
| Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | |||||
| CVE-2007-1115 | 1 Opera | 1 Opera Browser | 2018-10-16 | 4.3 MEDIUM | N/A |
| The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
| CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2018-10-16 | 5.0 MEDIUM | N/A |
| Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | |||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | |||||
| CVE-2007-6523 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. | |||||
| CVE-2007-3819 | 1 Opera | 1 Opera Browser | 2018-10-15 | 5.0 MEDIUM | N/A |
| Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2008-7245 | 1 Opera | 1 Opera Browser | 2018-10-11 | 5.0 MEDIUM | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | |||||
| CVE-2008-5680 | 1 Opera | 1 Opera Browser | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178. | |||||
| CVE-2008-5679 | 1 Opera | 1 Opera | 2018-10-11 | 9.3 HIGH | N/A |
| The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. | |||||
| CVE-2008-5428 | 2 Microsoft, Opera | 2 Windows Xp, Opera | 2018-10-11 | 4.3 MEDIUM | N/A |
| Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | |||||
| CVE-2008-4725 | 1 Opera | 1 Opera Browser | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60. | |||||
| CVE-2008-4696 | 1 Opera | 1 Opera | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). | |||||
| CVE-2010-2576 | 1 Opera | 1 Opera Browser | 2018-10-10 | 6.8 MEDIUM | N/A |
| Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | |||||
| CVE-2010-1993 | 1 Opera | 1 Opera Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. | |||||
| CVE-2010-2121 | 1 Opera | 1 Opera Browser | 2018-10-10 | 4.3 MEDIUM | N/A |
| Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | |||||
| CVE-2010-1989 | 1 Opera | 1 Opera Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181. | |||||
| CVE-2009-3269 | 1 Opera | 1 Opera Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. | |||||
| CVE-2009-3265 | 1 Opera | 1 Opera Browser | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. | |||||
| CVE-2009-2577 | 1 Opera | 1 Opera Browser | 2018-10-10 | 5.0 MEDIUM | N/A |
| Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||||
| CVE-2011-1824 | 1 Opera | 1 Opera Browser | 2018-10-09 | 4.3 MEDIUM | N/A |
| The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value. | |||||