History Search can reveal browsing history – Opera Security Advisories

History Search can reveal browsing history – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Platforms All desktop versions Problem Description Certain constructs are not escaped correctly by Opera’s History Search results. These can be used to inject scripts in...

Java applets can be used to read sensitive information – Opera Security Advisories

Java applets can be used to read sensitive information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Highly Severe Problem Description Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it...

Feed links can link to local files – Opera Security Advisories

Feed links can link to local files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description As a security precaution, Opera does not allow Web pages to link to files on the user’s local disk. However, a flaw exists that allows Web pages to link to feed...

Insecure pages can show incorrect security information – Opera Security Advisories

Insecure pages can show incorrect security information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure...

Sites can change framed content on other sites – Opera Security Advisories

Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...

Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories

Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Moderately Severe Problem Description When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince t...

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderate Problem description Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own characte...

Malformed bitmaps can reveal old data from random places in memory

Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Using canvas, the pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data...

Malformed JPEG headers can be used to execute arbitrary code

A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code...

Opera < 9.63 Multiple Vulnerabilities

Binary data 4791.prm...

Opera security upgrade for Linux, Solaris and FreeBSD – Opera Security Advisories

Opera security upgrade for Linux, Solaris and FreeBSD – Opera Security Advisories OPCOM Team | December 16, 2008 Summary Opera 9.20 has a highly recommended security upgrade for users of the Adobe Flash Player on Linux, Solaris and FreeBSD Severity Highly critical Problem description A security...

Feed preview can reveal contents of unrelated news feeds – Opera Security Advisories

Feed preview can reveal contents of unrelated news feeds – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Platforms All desktop versions Problem Description When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to...

Feed subscription can cause the wrong page address to be displayed – Opera Security Advisories

Feed subscription can cause the wrong page address to be displayed – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Not Severe Problem Description It has been reported that when a user subscribes to a news feed using the feed subscription button, the page address can be changed...

Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories

Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these...

Startup crash can allow execution of arbitrary code – Opera Security Advisories

Startup crash can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this...

Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories

Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When an application attempts to access a URL that uses a protocol that it does not understand, it may...

Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories

Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code. Opera’s Response Opera Software has...

canvas functions can reveal data from random places in memory – Opera Security Advisories

canvas functions can reveal data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately severe Problem description There is a flaw in the way that certain canvas functions are handled, that can cause the canvas to be painted with very small...

Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories

Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed sourc...

Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories

Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Usi...