OPENSUSE-SU-2020:1320-1 Security update for opera

This update for opera fixes the following issues: Update to version 70.0.3728.133 - CHR-8053 Update chromium on desktop-stable-84-3728 to 84.0.4147.125 - DNA-87289 Crash at views::NativeWidgetMacNSWindowHost:: OnNativeViewHostDetachviews::View const - DNA-87831 Linux Sidebar panel cannot be pinne...

OPENSUSE-SU-2020:1148-1 Security update for opera

This update for opera fixes the following issues: - Update to version 70.0.3728.71 - DNA-86267 Make Recently closed tabs appearance consistent with Search for open tabs. - DNA-86988 Opera 70 translations - DNA-87530 Zen news leads not loading - DNA-87636 Fix displaying folder icon for closed...

OPENSUSE-SU-2020:0950-1 Security update for opera

This update for opera fixes the following issues: - Update to version 69.0.3686.49 - CHR-7971 Update chromium on desktop-stable-83-3686 to 83.0.4103.116 CVE-2020-6509 - DNA-79195 Wrong date on history - DNA-86090 Crash at views::View::ReorderChildViewviews::View, int - DNA-86122 Mac Some popovers...

OPENSUSE-SU-2020:0635-1 Security update for opera

This update for opera fixes the following issues: Opera was updated to version 68.0.3618.63 - CHR-7889 Update chromium on desktop-stable-81-3618 to 81.0.4044.122 - CHR-7896 Update chromium on desktop-stable-81-3618 to 81.0.4044.129 - DNA-85287 Set standard spacing for Yandex prompt - DNA-85416 Ma...

OPENSUSE-SU-2018:1859-1 Security update for Opera

This update for Opera 54.0.2952.41 fixes multiple issues. - CVE-2018-6148: Incorrect handling of CSP header boo1096508 This update to version 54.0.2952.41 also contains all security and bug fixes in this upstream version, including all fixes in the chromium engine...

Thanks to the researchers 2017

Research Thanks to the researchers 2017 Share March 3rd, 2017 We would like to thank the researchers who have offered us their assistance throughout the year, to help enhance the security of our websites. Special mention goes to those who discover and report security issues: Johnny Nipper Mehmet...

Thanks to the researchers 2016

Research Thanks to the researchers 2016 Share April 19th, 2016 A number of researchers and website testers have offered their assistance throughout the year to help us tighten the security of our many websites. Thanks to all! Special mention goes to those who discover and report security issues:...

Thanks to the researchers 2014

Research Thanks to the researchers 2014 Share January 31st, 2014 Each year, a number of researchers offer their assistance to help us tighten the security of our wide array of websites. We would like to take this opportunity to thank the researchers and testers of 2014 for their assistance in...

New home for the Security Group blog

News New home for the Security Group blog Share October 31st, 2013 Welcome to the new home of the Opera Security Group. We have changed our blogging platform. For more more information regarding the switch, please see this post. If you received this blog post in your feed reader, you do not need ...

Cookies can be set for a top-level domain – Opera Security Advisories

Browsers should only allow cookies to be set for the website that created them. In some specific cases, Opera does not apply this restriction correctly, and allows a website to set a cookie for its entire top-level domain such as .com or .co.uk. A malicious site could then redirect the user to...

CVE-2013-1638

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document...

Use of SVG clipPaths can allow execution of arbitrary code – Opera Security Advisories

When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur...

Carefully timed redirects can allow cross site scripting – Opera Security Advisories

Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context. Carefully timed redirects can cause scripts to execute in the wrong security context in Opera. This allows cross site scripting XSS...

opera to 12.10 (important)

This Opera 12.10 security update fixes following security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate...

Certificate revocation service failure may cause Opera to show an unverified site as secure – Opera Security Advisories

When accessing secure websites, Opera checks with a number of services to check if the website’s security certificate has been revoked. Normally, if Opera cannot check revocation status, it will not present the site as secure. In some cases, a failure in one of these services can cause Opera not ...

Truncated dialogs may be used to trick users – Opera Security Advisories

When an important dialog is being displayed, such as a download dialog, the entire dialog should be visible, so that the user can clearly see what the dialog’s buttons will do. In some cases, specific user interactions can cause Opera not to enforce this correctly, allowing the window to become...

Small windows can be used in several ways to trick users into executing downloads – Opera Security Advisories

When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they can end...

Element HTML content can be incorrectly returned without escaping, bypassing some HTML sanitizers – Opera Security Advisories

When sites accept HTML from untrusted users, and use that HTML as page content, they typically sanitize the untrusted HTML to ensure that it does not contain any harmful content, such as malicious scripts. In some cases, this sanitization may be performed by writing and reading the contents of DO...

Certain URL constructs can allow arbitrary code execution – Opera Security Advisories

Certain page address URL constructs can cause Opera to allocate the wrong amount of memory for storing the address. When it then attempts to store the address, it will overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code...

Small windows can be used to trick users into executing downloads – Opera Security Advisories

When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they can end...