EUVD-2010-2137

Malware in sbrugna...

SUSE CVE-2010-1989

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many images, a related issue to CVE-2010-0181...

SUSE CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

CVE-2010-2121

Opera 9.52 allows remote attackers to cause a denial of service resource consumption via JavaScript code containing an infinite loop that creates IFRAME elements for invalid 1 news:// or 2 nntp:// URIs...

CVE-2010-1989

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many images, a related issue to CVE-2010-0181...

CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

Design/Logic Flaw

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

Design/Logic Flaw

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many images, a related issue to CVE-2010-0181...

CVE-2010-1993

Opera 9.52 is affected by CVE-2010-1993 due to improper handling of an IFRAME element with a mailto: URL in the SRC attribute, enabling denial of service via a page with many IFRAMEs. Public advisories (SUSE openSUSE GLSA 201206-03 and related Nessus plugins) describe upgrades to Opera 10.60 as t...

CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service resource consumption via an HTML document with many IFRAME elements...

CVE-2010-1989

CVE-2010-1989 affects Opera 9.52, where an IMG element with SRC redirecting to a mailto: URL can trigger the external mail handler and exhaustively launch applications, causing denial of service via pages with many images. Root cause: image tag redirect to mailto. No remediation details are provi...

Cross site scripting

Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header, a related issue to...

CVE-2009-2351

Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header, a related issue to...

CVE-2009-1234

Opera 9.64 allows remote attackers to cause a denial of service application crash via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected...

CVE-2009-1234

CVE-2009-1234 affects Opera 9.64 (and noted for 9.52) where an XML document containing a long sequence of start-tags with no matching end-tags can cause a remote denial of service (application crash). The connected advisories confirm this vulnerability in Opera and link it to multiple vendor upda...

opera 9.52 using ajax to read a local file vulnerability-vulnerability warning-the black bar safety net

by emptiness prodigal heart This may also be a safety feature right, opera can use ajax to read a local file. ff3 does not have this vulnerability. Not nonsense, look at the code. Use as follows: This piece of code saved as a local htm file, and then use opera to open. Will put a local user name...

Sites can change framed content on other sites – Opera Security Advisories

Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...

Opera 9.52/9.60 Stored Cross Site Scripting Code Exec PoC

No description provided by source. !-- Just found a way to use Stefano’s opera:config idea to execute code from remote. Instead of changing the HTTP Proxy, an attacker can change the default external mail application to “\evil\malware.exe ”, or to local commands e.g. ftp.exe which can be used to...

CVE-2008-4725

Cross-site scripting XSS vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database aka md.dat, a different vector than CVE-2008-4696. NOTE: some of these...