Crossite scripting in Opera

javascript: URL is executed in context of previously loaded page...

Opera javascript protocoll vulnerability [Sandblad advisory #6]

Sandblad advisory 6 - ---..---..---..---..---..---..---..---..---..---..---..---..---- Title: Opera javascript protocoll vulnerability Date: 2002-05-15 Software: At least Opera 6.01, 6.0, 5.12 win Rating: High because Opera is assumed to be secure Impact: Read cookies/local filestructure/cache...

Opera 5.126.0 - Frame Location Same Origin Policy Circumvention

Opera 5.126.0 - Frame Location Same Origin Policy Circumvention source: https://www.securityfocus.com/bid/4745/info Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some...

CVE-2001-1245

Opera 5.0 for Linux is affected by a denial-of-service vulnerability caused by improper handling of malformed HTTP headers. A remote attacker could trigger a crash, potentially by sending a header whose value matches a MIME header name. The root cause is not detailed beyond this description, and ...

CVE-2002-0270

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web...

CVE-2002-0270

CVE-2002-0270 involves Opera. When the option “Determine action by MIME type” is disabled, Opera may treat an object as an HTML document even if its Content-Type is text/plain. This can allow remote attackers to execute arbitrary scripts in documents users do not expect, potentially affecting web...

CVE-2002-0243

CVE-2002-0243 describes a cross-site scripting vulnerability in Opera 6.0 and earlier. An Extended HTML Form output from the remote server is not properly cleansed, allowing remote attackers to execute arbitrary script. The NVD record lists a base score of 7.5 (HIGH) with NETWORK attack vector an...

CVE-2002-0243

Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed...

CVE-2001-1245

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name...

Microsoft Internet Explorer 56 Mozilla 0.80.9.x Opera 56 - JavaScript Interpreter Denial of Service

Microsoft Internet Explorer 56 Mozilla 0.80.9.x Opera 56 - JavaScript Interpreter Denial of Service source: https://www.securityfocus.com/bid/4322/info It is possible to create a loop in JavaScript which is capable of crashing various web browsers. This is due to a flaw in the JavaScript...

CVE-2001-0898

Opera 6.0 and earlier are affected by a remote information disclosure vulnerability where JavaScript using setTimeout can access data across domains (1) after opening a new window to a different domain, and (2) via about:cache, exposing cookies and cross-domain links. Root cause: cross-origin dat...

CVE-2001-0898

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to 1 access data after a new window to the domain has been opened or 2 access data via about:cache...

CVE-2001-1491

Opera 5.11 allows remote attackers to cause a denial of service CPU consumption and memory leak via a web page with a large number of images...

Re: Several javascript vulnerabilities in Opera

Dear bugtraq, I mailed Opera one week ago about a similiar javascript vulnerability in Opera. I was still waiting for any respond from Opera when I saw Guninski's bugtraq post. One thing that wasn't mentioned and might not be obvious is that the vulnerability can also be used to list files on the...

Several javascript vulnerabilities in Opera

Georgi Guninski security advisory 51, 2001 Several javascript vulnerabilities in Opera Systems affected: Opera 5.12/Windows, Opera 5.0/Linux - probably other versions Risk: Medium Date: 15 November 2001 Legal Notice: This Advisory is Copyright c 2001 Georgi Guninski. You may distribute it...

CVE-2001-0898

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to 1 access data after a new window to the domain has been opened or 2 access data via about:cache...

Opera 5.0/5.1 - Same Origin Policy Circumvention

source: https://www.securityfocus.com/bid/3553/info Opera is a popular, freely available web browser that is supported across many different platforms. Opera is prone to an issue which may allow for the execution of script code across domains, allowing for circumvention of the web browser's...

Opera 5.05.1 - Same Origin Policy Circumvention

Opera 5.05.1 - Same Origin Policy Circumvention source: https://www.securityfocus.com/bid/3553/info Opera is a popular, freely available web browser that is supported across many different platforms. Opera is prone to an issue which may allow for the execution of script code across domains,...

CVE-1999-1283

Opera 3.2.1 is affected by a vulnerability where a URL containing an extra / in the http:// tag can trigger a denial of service (application crash). Root cause is in URL handling within Opera 3.2.1 (no further technical specifics provided in the documents). Impact stated: availability degradation...

CVE-1999-1283

Opera 3.2.1 allows remote attackers to cause a denial of service application crash via a URL that contains an extra / in the http:// tag...