23 matches found
HTTP response heap buffer overflow can allow execution of arbitrary code – Opera Security Advisories
When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruptio...
Data URIs can be used to facilitate Cross-Site Scripting – Opera Security Advisories
Data URIs are only supposed to inherit the scripting origin from the site that creates them, such as by including them as the target of a link or an inline frame in the source of the document. Specific sequences of document and data URI loading can cause Opera to forget which document created the...
Cross-domain JSON resources may be exposed as JavaScript variable data – Opera Security Advisories
JSON strings are sometimes exported by sites as a resource that cannot be read cross-domain, and may contain confidential data. The format of a JSON string ensures that it cannot be read as the contents of a variable, if it is included as a normal script. In some cases, Opera does not correctly...
Certain DOM manipulations can allow execution of arbitrary code – Opera Security Advisories
Certain DOM manipulations can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | January 4, 2011 Severity High Description Various unexpected DOM manipulations can cause Opera to crash. In some cases, these crashes can occur in a way that allows execution of arbitrary code...
JavaScript might run in the wrong context if loaded from error page – Opera Security Advisories
JavaScript might run in the wrong context if loaded from error page – Opera Security Advisories OPCOM Team | October 11, 2010 Severity Moderate Description If Opera is sent to an invalid URL, an error page will be displayed along with a link to the URL. The URL linked to might run scripts, and in...
Private video streams can be intercepted – Opera Security Advisories
Private video streams can be intercepted – Opera Security Advisories OPCOM Team | October 6, 2010 Severity Moderate Description Video content may be used as filler content for a HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the...
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | August 12, 2010 Severity High Description Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflow...
Certain characters may be used for domain name spoofing – Opera Security Advisories
Certain characters may be used for domain name spoofing – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Moderately severe Description Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With...
File inputs can disclose the path to selected files – Opera Security Advisories
File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...
Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories
Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories OPCOM Team | August 29, 2009 Summary Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the...
Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories
Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories OPCOM Team | June 10, 2009 Severity Moderately severe Problem description Input names can contain line breaks when data is sent using POST. Suitable use of the random numbe...
Insecure pages can show incorrect security information – Opera Security Advisories
Insecure pages can show incorrect security information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure...
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Moderately Severe Problem Description When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince t...
Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories
Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code. Opera’s Response Opera Software has...
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Usi...
Built-in XSLT templates can allow cross-site scripting – Opera Security Advisories
Built-in XSLT templates can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untruste...
Script injection in feed preview can reveal contents of unrelated news feeds – Opera Security Advisories
Script injection in feed preview can reveal contents of unrelated news feeds – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which ar...
Scripts can overwrite functions on pages from other domains – Opera Security Advisories
Scripts can overwrite functions on pages from other domains – Opera Security Advisories OPCOM Team | October 16, 2007 Scripts can overwrite functions on pages from other domains. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prior to Opera 9.24. Problem Description...
GLSA-200708-17 : Opera: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200708-17 Opera: Multiple vulnerabilities An error known as 'a virtual function call on an invalid pointer' has been discovered in the JavaScript engine CVE-2007-4367. Furthermore, iDefense Labs reported that an already-freed...
data: URLs can spoof trusted trusted sites – Opera Security Advisories
data: URLs can spoof trusted trusted sites – Opera Security Advisories OPCOM Team | July 19, 2007 Summary Opera displays certain data: URLs wrongly, enabling URL spoofing. Severity: Moderately severe Problem description data: URLs embed data inside them, instead of linking to an externalresource...