[SA15423] Opera Redirection Cross-Site Scripting Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15008] Opera XMLHttpRequest Security Bypass

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Opera Multiple Vulnerabilities

Binary data 3015.prm...

opera -- redirection cross-site scripting vulnerability

A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks against users. The vulnerability is caused due to input not being sanitised, when Opera generates a temporary page for displayin...

opera -- XMLHttpRequest security bypass

A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to steal content or to perform actions on other web sites with the privileges of the user. Normally, it should not be possible for the XMLHttpRequest object to access...

[SA15411] Opera "javascript:" URL Cross-Site Scripting Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Opera < 8.01 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 8.01 and thus reportedly affected by multiple issues : - It may be possible for a malicious website to spoof dialog boxes. - It may be possible for a XMLHttpRequest object to gain unauthorized access to sensitive data. - The...

opera -- "javascript:" URL cross-site scripting vulnerability

A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to read local files. The vulnerability is caused due to Opera not properly restricting the privileges of "javascript:" URLs...

CVE-2004-2083

Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."...

CVE-2004-2083

Summary: Opera Web Browser 7.0–7.23 is affected by a file-download extension spoofing flaw. When a malicious site provides a downloadable file, the filename may embed a CLSID that makes the file appear as a trusted type, tricking users into executing it. This can lead to arbitrary code execution ...

CVE-2004-1810

The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service crash by creating a new Array object with a large size value, then writing into that array...

CVE-2004-1810

The CVE-2004-1810 entry maps to a vulnerability in the Opera browser’s JavaScript engine (reported for Opera 7.x). The issue arises when handling very large JavaScript Array objects, where creating an Array with an extremely large size value and writing into it can crash the browser. OpenVAS and ...

CVE-2005-0457

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGETMPDIR portage temporary directory...

CVE-2005-0235

The International Domain Name IDN support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

CVE-2005-1139

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks...

CVE-2005-1139

Opera 8 Beta 3 could display the Organizational information of SSL certificates using first-generation vetted certs, enabling spoofing and phishing attacks. The issue is addressed in Opera’s 8.0 update per SUSE-SA:2005:031 advisory; remediation is to upgrade to Opera 8.0+ (or later) where this is...

CVE-2005-1139

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks...

Internationalized domain names (IDN) can be used for spoofing. – Opera Security Advisories

Internationalized domain names IDN can be used for spoofing. – Opera Security Advisories OPCOM Team | February 25, 2005 Summary Opera supports internationalized domain names IDN, which allowsfor example Russian or Chinese domain names to be written in theirown native scripts. However, this also...

CVE-2004-1615

Opera permits remote attackers to trigger a denial of service by crafting a web page or HTML email containing a TBODY tag with a large COL SPAN value, leading to an invalid memory reference and application crash. The provided documents identify the affected software as Opera and the impact as par...

CVE-2004-1615

Opera allows remote attackers to cause a denial of service invalid memory reference and application crash via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme...