Opera's Security Model is Highly Vulnerable (GM#002-OP)

GreyMagic Security Advisory GM002-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm002-op/. Topic: Opera's Security Model is Highly Vulnerable. Discovery date: 14 Nov 2002. Affected applications:...

Opera 7.0 - Error Message History Disclosure

source: https://www.securityfocus.com/bid/6759/info It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. This issue is further exacerbated by the fact that error message...

Opera Images (GM#004-OP)

GreyMagic Security Advisory GM004-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm004-op/. Topic: Opera Images. Discovery date: 29 Jan 2003. Affected applications: ====================== Opera 7...

Opera Cross Domain Scripting Vulnerability

Description A vulnerability has been reported reported for Opera 7 browsers for Microsoft Windows operating systems. Due to flaws in Opera, it is possible for functions in different domains to be accessed and executed by an attacker with the credentials of the victim user. This vulnerability is...

Opera 7.0 - History Object Information Disclosure

source: https://www.securityfocus.com/bid/6757/info An information disclosure weakness has been reported for Opera 7 browsers on the Microsoft Windows platform. The weakness is due to the way the history object exposes some properties. Specifically, the properties history.next and history.previou...

Opera 7 - Image Rendering HTML Injection

source: https://www.securityfocus.com/bid/6756/info It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files. As a result of this lack of sanitization Opera is vulnerable to HTM...

Opera 7.0 - JavaScript Console Attribute Injection

Opera 7.0 - JavaScript Console Attribute Injection source: https://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability ...

Opera 7.0 - Error Message History Disclosure

Opera 7.0 - Error Message History Disclosure source: https://www.securityfocus.com/bid/6759/info It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. This issue is furth...

Opera: What's Next (GM#005-OP)

GreyMagic Security Advisory GM005-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm005-op/. Topic: Opera: What's Next. Discovery date: 28 Jan 2003. Affected applications: ====================== Ope...

Phantom of the Opera (GM#003-OP)

GreyMagic Security Advisory GM003-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm003-op/. Topic: Phantom of the Opera. Discovery date: 29 Jan 2003. Affected applications: ======================...

Opera 7.0 - JavaScript Console Attribute Injection

source: https://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context...

Opera 6.0/7.0 - opera.PluginContext Native Method Denial of Service

source: https://www.securityfocus.com/bid/6814/info Opera ships with a trusted Java class 'opera.PluginContext' that includes a native method that is reportedly prone to denial of service attacks. It is possible for a malicious Java applet to trigger this condition to cause a denial of service...

Opera 6.07.0 - opera.PluginContext Native Method Denial of Service

Opera 6.07.0 - opera.PluginContext Native Method Denial of Service source: https://www.securityfocus.com/bid/6814/info Opera ships with a trusted Java class 'opera.PluginContext' that includes a native method that is reportedly prone to denial of service attacks. It is possible for a malicious Ja...

CVE-2002-2332

Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service crash via an IMG tag with large width and height attributes...

CVE-2002-2312

Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage...

CVE-2002-2358

Cross-site scripting XSS vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL...

CVE-2002-2414

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority CA certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service crash...

Multiple Opera bug

Errors in scripting allow access to local files...

Opera 7 vulnerabilities

We've done some basic security tests, in cooperation with Tom Gilder, on the new Opera 7 beta release and found two major security vulnerabilities. These vulnerabilities are quite obvious and likely to be discovered by malicious users. Combined, they allow full read access to a victim's file syst...

CVE-2002-0898

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline...