SUSE CVE-2009-3046

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate...

SUSE CVE-2009-3265

Cross-site scripting XSS vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a 1 RSS or 2 Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design...

SUSE CVE-2009-3266

Opera before 10.01 does not properly restrict HTML in a 1 RSS or 2 Atom feed, which allows remote attackers to conduct cross-site scripting XSS attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed,...

SUSE CVE-2009-3831

Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted domain name...

SUSE CVE-2009-4071

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting XSS attacks via unspecified vectors...

SUSE CVE-2009-4072

Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."...

SUSE CVE-2010-0653

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document...

SUSE CVE-2010-1310

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages...

SUSE CVE-2010-1989

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many images, a related issue to CVE-2010-0181...

SUSE CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

SUSE CVE-2010-2576

Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving 1 closing a tab or 2 hiding a tab, a related issue ...

SUSE CVE-2010-3019

Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service application crash or hang via vectors related to HTML5 canvas painting operations that occur during the application of transformations...

SUSE CVE-2010-3021

Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service CPU consumption and application hang via an animated PNG image...

SUSE CVE-2010-3020

The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content...

SUSE CVE-2010-4044

Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size...

SUSE CVE-2010-4043

Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document...

SUSE CVE-2010-4045

Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting XSS attacks, and possibly execute arbitrary code by leveraging the ability of a script to...

SUSE CVE-2010-4048

Opera before 10.63 allows user-assisted remote web servers to cause a denial of service application crash by sending a redirect during the saving of a file...

SUSE CVE-2010-4046

Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content...

SUSE CVE-2010-4047

Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting XSS attacks via a crafted web site...