13 matches found
Resolving the “screen capture” notification issue on MacOS Sonoma
News, Privacy Resolving the “screen capture” notification issue on MacOS Sonoma Share October 2nd, 2023 Hey everyone! We recently became aware of an issue that appears for some users of Sonoma, or MacOS 14 – the latest version of MacOS currently rolling out to Macs worldwide. It seems that upon...
Manipulating the window can be used to spoof the page address – Opera Security Advisories
Manipulating the window can be used to spoof the page address – Opera Security Advisories OPCOM Team | October 6, 2010 Severity Low Description Web page scripts can be used to alter the size of the browser window. In some cases, this manipulation can cause the wrong part of the Web page address t...
Cross-domain checks may be bypassed, allowing limited data theft using CSS – Opera Security Advisories
Cross-domain checks may be bypassed, allowing limited data theft using CSS – Opera Security Advisories OPCOM Team | October 6, 2010 Severity Moderate Description CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to mak...
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | August 12, 2010 Severity High Description Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflow...
Unrestricted File I/O can be used by Widgets to execute arbitrary code – Opera Security Advisories
Unrestricted File I/O can be used by Widgets to execute arbitrary code – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Highly severe Description Widgets may use File I/O to create, read, modify, or delete files, with the user’s permission. When using this functionality, Opera shou...
Data URIs can be used to allow cross-site scripting – Opera Security Advisories
Data URIs can be used to allow cross-site scripting – Opera Security Advisories OPCOM Team | June 22, 2010 Severity Highly severe Description Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly...
canvas functions can reveal data from random places in memory – Opera Security Advisories
canvas functions can reveal data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately severe Problem description There is a flaw in the way that certain canvas functions are handled, that can cause the canvas to be painted with very small...
Java applets can be used to read sensitive information – Opera Security Advisories
Java applets can be used to read sensitive information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Highly Severe Problem Description Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it...
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Moderately Severe Problem Description When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince t...
Images can be read cross-domain with canvas – Opera Security Advisories
Images can be read cross-domain with canvas – Opera Security Advisories OPCOM Team | June 9, 2008 Severity: Less Severe Problem Description HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the...
Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories
Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories OPCOM Team | July 19, 2007 Summary Opera’s HTTP authentication dialog cuts off long server name at the right hand end. Severity: Less severe Problem description Opera’s HTTP authentication dialog is...
A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories
A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories OPCOM Team | September 21, 2006 Summary: A forged SSL server certificate can be accepted by Opera as a valid certificate. Severity: Highly critical Vulnerable versions: Opera for desktop...
Phishing attack possible with a delayed JavaScript prompt – Opera Security Advisories
Phishing attack possible with a delayed JavaScript prompt – Opera Security Advisories OPCOM Team | January 5, 2005 Severity: Moderate/low Problem description A malicious page can be crafted to send the userto his banking site, and shortly afterwardsdisplay a dialog enticing the user to type inhis...