CVE-2012-6463

CVE-2012-6463 is an XSS vulnerability in Opera prior to 12.10 where an attacker could inject arbitrary script via a sequence involving loading documents and data: URLs. The NVD entry assigns a base score of 4.3 (Medium) with No confidentiality impact, Partial integrity impact, and No availability...

CVE-2012-6462

CVE-2012-6462 refers to Opera before 12.10, where improper CORS handling allows remote attackers to bypass page-content restrictions with a crafted request. The impact is a partial confidentiality concern; no exploitation details are provided in the sources. Remediation guidance from Gentoo GLSA ...

CVE-2012-6469

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page...

CVE-2012-6464

Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins...

CVE-2012-6460

CVE-2012-6460 affects Opera browser versions before 11.67 and 12.x before 12.02, where a crafted web site can truncate a dialog and potentially trigger downloading and execution of arbitrary programs. Connected sources confirm this is a browser-level vulnerability with remote code execution impli...

CVE-2012-6472

CVE-2012-6472 affects Opera on UNIX: Opera before 12.12 uses weak permissions on the profile directory, allowing local users to read sensitive files (cache, password, configuration) and potentially modify configuration to gain privileges. Existence of related entries confirms the issue across mul...

CVE-2012-6467

CVE-2012-6467 is confirmed to affect Opera (pre-12.10) via how it follows Internet shortcuts referenced by an IMG or inline element, enabling phishing-style attacks on crafted pages (described as exploited in the wild in 2012). OpenVAS entries map this family of vulnerabilities to a high base sco...

CVE-2012-6466

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas...

CVE-2012-6467

Opera before 12.10 follows Internet shortcuts that are referenced by a 1 IMG element or 2 other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012...

CVE-2012-6469

CVE-2012-6469 affects the Opera browser. The primary detail in the Initial Document states Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors in an error page. The connected OpenVAS entries list CVE-2012-6469 as part of a set of Opera vulner...

CVE-2012-6468

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a long HTTP response...

CVE-2012-6471

Opera before 12.12 has a vulnerability (CVE-2012-6471) where an attacker can spoof the address field by sending a high rate of HTTP requests. Evidence across Red Hat and Gentoo advisories confirms the issue and recommends upgrading Opera to a newer version (e.g., 12.13_p1734 or later). The OpenVA...

CVE-2012-6463

Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs...

CVE-2012-6462

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing CORS specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request...

CVE-2012-6460

Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site...

CVE-2012-6465

Opera before 12.10 is vulnerable to remote code execution or application crash via a malformed SVG image (CVE-2012-6465). The CVE is referenced in multiple sources (Red Hat security advisory, GLSA 201406-14, OpenVAS entries) that describe the vulnerability as part of a set of Opera issues with hi...

CVE-2012-6468

CVE-2012-6468 is described in the initial document as a heap-based buffer overflow in Opera (pre-12.11) that could be triggered by a long HTTP response, allowing remote code execution or memory corruption. Connected openvas entries corroborate multiple Opera vulnerabilities around the same period...

CVE-2012-6466

CVE-2012-6466 affects Opera before 12.10, where improper handling of incorrect size data in a WebP image can cause a crafted image used as a fill pattern for a canvas to disclose potentially sensitive information from the process memory. The vulnerability enables memory information disclosure via...

CVE-2012-6470

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service memory overwrite via a malformed image...

CVE-2012-6472

Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a 1 cache file, 2 password file, or 3 configuration file, or 4 possibly gain privileges by modifying or overwriting a configuration file...