5 matches found
Use of SVG clipPaths can allow execution of arbitrary code – Opera Security Advisories
When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur...
Small windows can be used to trick users into executing downloads – Opera Security Advisories
When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they can end...
Carefully timed reloads and redirects can spoof the address field – Opera Security Advisories
The address field should always show the address of the page that is being displayed. In certain cases, if a target site responds slowly, reloading an attacking page and redirecting to the target page can cause the address field to show the target site’s address, while the attacking site is still...
Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories
Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remot...
Internationalized domain names (IDN) can be used for spoofing. – Opera Security Advisories
Internationalized domain names IDN can be used for spoofing. – Opera Security Advisories OPCOM Team | February 25, 2005 Summary Opera supports internationalized domain names IDN, which allowsfor example Russian or Chinese domain names to be written in theirown native scripts. However, this also...