CVE-2009-3047

Opera before 10.00 is affected by a URL-spoofing vulnerability where a collapsed address bar fails to update the domain from the previous site to the current one, enabling a remote attacker to spoof URLs. The issue is documented across multiple sources (SUSE, Gentoo GLSA 201206-03, OpenVAS, and r...

CVE-2009-3047

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs...

CVE-2009-3046

Opera before 10.00 is vulnerable because it does not check all intermediate X.509 certificates for revocation, allowing remote SSL servers to bypass certificate chain validation via a revoked certificate. Affected versions include Opera = 12.00.1467. This CVE is referenced in multiple advisories ...

CVE-2009-3049

Opera before 10.00 does not properly display all characters in Internationalized Domain Names IDN in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode...

CVE-2009-3046

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate...

Opera Unite multiple security vulnerabilities

Request spoofing, crossite scripting, information leak, etc...

Pwning Opera Unite with Inferno's Eleven

Pwning Opera Unite with Inferno's Eleven ---------------------------------------- Complete Post at http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/ Opera Unite, the upcoming version of the Opera browser has a strong vision to change how we look at the web. For those who...

PT-2009-5378 · Opera · Opera

Name of the Vulnerable Software and Affected Versions: Opera versions prior to 10.00 Description: The issue arises from the failure to check all intermediate X.509 certificates for revocation, making it easier for remote SSL servers to bypass validation of the certificate chain via a revoked...

Opera < 10.00 Multiple Vulnerabilities

Binary data 5146.prm...

Opera < 10.0 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 10.0 and thus reportedly affected by multiple issues : - Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating i...

Opera < 10.00 Multiple Vulnerabilities

Binary data 800811.prm...

opera -- multiple vulnerabilities

Opera Team Reports: Issue where sites using revoked intermediate certificates might be shown as secure Issue where the collapsed address bar didn't show the current domain Issue where pages could trick users into uploading files Some IDNA characters not correctly displaying in the address bar Iss...

CVE-2009-3013

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript sequences in a...

Cross site scripting

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript sequences in a...

CVE-2009-3013

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript sequences in a...

CVE-2009-3013

The CVE-2009-3013 issue affects Opera 9.52 and earlier, and Opera 10.00 Beta 3 Build 1699, where data: URIs in HTTP Location headers were not properly blocked, enabling cross-site scripting (XSS) via two vectors: (1) a Location header containing JavaScript sequences in a data:text/html URI, and (...

MD2 algorithm used by security certificates is considered weak

Digital signatures made with the MD2 algorithm are used in some of the issuer certificates that Opera trusts. MD2 is now considered weak...

Sites using revoked intermediate certificates might be shown as secure

Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure...

Opera may show some incorrect characters in the address bar

Some Unicode characters are treated incorrectly, which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing...

Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories

Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories OPCOM Team | August 29, 2009 Summary Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the...