Lucene search
K
OperaMost viewed

391 matches found

Opera Security Advisories
Opera Security Advisories
added 2009/11/20 12:0 a.m.177 views

Heap buffer overflow in string to number conversion

Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash...

6.8CVSS2.6AI score0.28167EPSS
Exploits43References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/10/18 12:0 a.m.169 views

Opera security upgrade for Mac OS X

Opera 9.24 has a highly recommended security upgrade for users of the Adobe Flash Player 9.0.47.0 and earlier on Mac OS X. A security issue in Adobe Flash Player 9.0.47.0 and earlier running in Opera on Mac OS X has been found. Details about the vulnerability will be disclosed at a later date...

10CVSS1.2AI score0.09081EPSS
Exploits0References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/06/10 12:0 a.m.30 views

Random number generator and input name linebreaks can be used to send custom data to other sites

Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the...

0.9AI score
Exploits0References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.30 views

Sites can change framed content on other sites

Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to open pages from other...

1.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/10/06 12:0 a.m.29 views

Manipulating the window can be used to spoof the page address

Web page scripts can be used to alter the size of the browser window. In some cases, this manipulation can cause the wrong part of the Web page address to be displayed in the Address Bar, so that the part that is initially visible to the user is not the start of the address, and may contain conte...

1.7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/10/06 12:0 a.m.29 views

Cross-domain checks may be bypassed, allowing limited data theft using CSS

CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to make Opera incorrectly treat remote CSS files as if they were CSS files from the document-origin server, allowing the interpreted parts of a remote file to be read b...

2.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.29 views

Certain characters may be used for domain name spoofing

Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With untrusted top-level domains, Opera prevents certain combinations of characters from being used in the same part of a domain name as each other, and should...

2.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.29 views

Data URLs with executables and misleading download dialog

The data URL scheme allows authors to embed binary files,instead of using links to external files. Data URLscontaining file types that Opera can display are renderedinline; other file types will be handled by Opera'sdownload dialog. A bug in Opera's file download handling causes the downloaddialo...

0.7AI score
Exploits0References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/10/27 12:0 a.m.28 views

Web fonts can be used to spoof the page address

In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. This can be used by a malicious site to display a false domain name in the address field...

1.2AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.26 views

Vulnerability in createSVGTransformFromMatrix (JavaScript, SVG)

Passing an incorrect object to createSVGTransformFromMatrixcan crash Opera and enable arbitrary code execution. Users who have disabled JavaScript are not affected...

3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2005/01/05 12:0 a.m.26 views

Phishing attack possible with a delayed JavaScript prompt

A malicious page can be crafted to send the userto his banking site, and shortly afterwardsdisplay a dialog enticing the user to type inhis bank login credentials.The dialog will appear in front of the bankingpage, while the window it really belongs to willbe hidden. If the timing and context is...

6.9AI score
Exploits0References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.25 views

Malformed JPEG headers can be used to execute arbitrary code

A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code...

4.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/15 12:0 a.m.25 views

Manipulating text input contents can allow execution of arbitrary code

Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code...

3.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.24 views

Custom shortcuts can pass the wrong parameters to applications

Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these applications are not prepared correctly, and may be created from uninitialized memory. These may be misinterpreted as additional parameters, and depending on the...

4.9AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.24 views

Registering Opera as a protocol handler can allow it to be used to execute arbitrary code

When an application attempts to access a URL that uses a protocol that it does not understand, it may choose to pass the URL to a registered handler for that protocol. If that registered handler is Opera, it will be started, passing the URL to open. Some external applications do not ensure that t...

2.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/15 12:0 a.m.24 views

Script injection in feed preview can reveal contents of unrelated news feeds

When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive...

1.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/15 12:0 a.m.24 views

Built-in XSLT templates can allow cross-site scripting

Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the securi...

2.5AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/06/11 12:0 a.m.24 views

Pages held in frames are able to change the location of pages in unrelated frames on the parent page

Pages from different sources held on the same parent page should not be able to modify the locations of each other. In affected Opera versions, if a page contains frames from both a trusted but not secured, and an untrusted source, the untrusted page is able to replace the contents of a named...

1.7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/07/19 12:0 a.m.24 views

The createPattern function can reveal old data from random places in memory

Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function thatleaves old data that was in the memory before Opera allocated itin the new pattern. The pattern can be read and analyzed byJavaScript, so an attacker can get random samples of the user'smemory, which may contain da...

1.7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2006/09/05 12:0 a.m.24 views

A very large href attribute value in HTML can crash Opera

A Web page containing a very large href attribute value cancause Opera to crash.This exploit causes Opera to access the wrong location inmemory, so Opera is forced to quit. It is not possibleexploit this to run arbitrary code...

1.7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/08/12 12:0 a.m.23 views

News feed preview can subscribe to feeds without interaction

When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent...

1.5AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/08/29 12:0 a.m.23 views

MD2 algorithm used by security certificates is considered weak

Digital signatures made with the MD2 algorithm are used in some of the issuer certificates that Opera trusts. MD2 is now considered weak...

1.7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.23 views

Fast Forward can allow cross-site scripting

If a link that uses a JavaScript URL triggers Opera's Fast Forward feature, when the user activates Fast Forward, the script should run on the current page. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can b...

1.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/05/24 12:0 a.m.23 views

Malicious torrent files can execute arbitrary code in Opera

A specially crafted torrent file can cause a buffer overflow in Opera.This allows arbitrary code to be injected and executed. The overflow happens when the user right-clicks on the torrent entryin the transfer manager. Simply clicking on the torrent link willnot trigger this flaw...

2.9AI score
Exploits0References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2006/07/05 12:0 a.m.23 views

(Updated) Specially crafted JPEG images enables the execution of arbitrary code. – Opera Security Advisories

Updated Specially crafted JPEG images enables the execution of arbitrary code. – Opera Security Advisories OPCOM Team | July 5, 2006 Summary A specially crafted JPEG image can enable the execution ofarbitrary code. Severity: Critical Affected versions: Versions prior to 9.0 of Opera forMicrosoft...

6.2AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2005/11/23 12:0 a.m.23 views

Specially crafted Java applets can crash Opera

Java code using LiveConnect methods to remove a property of aJavaScript object may in some cases use null pointers that canmake Opera crash. This crash is not exploitable and such code israre on the web...

3.2AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.22 views

Unrestricted File I/O can be used by Widgets to execute arbitrary code

Widgets may use File I/O to create, read, modify, or delete files, with the user's permission. When using this functionality, Opera should request permission from the user, and ask for a location to use for the files that will be manipulated. In some cases, Opera fails to ask for permission, and...

1.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.22 views

Representation of DOM attribute values could allow cross-site scripting

When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their values to bypass sanitization filters. If these values are used as document content, they may in some cases allow scripts to be inserted...

2.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2026/06/09 12:0 a.m.21 views

Security fix: Addressing a low-impact Pinboards vulnerability

News, Security Security fix: Addressing a low-impact Pinboards vulnerability Share June 9th, 2026 Hi Opera users, Recently, an independent security researcher responsibly disclosed a vulnerability in Opera’s Pinboards feature, which helped our team to quickly work on a fix. The vulnerability...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2024/09/25 12:0 a.m.21 views

Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN

Privacy Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN Share September 25th, 2024 Hi Opera users! We are excited to announce that we have successfully completed an independent audit of our no-log policy for Opera’s free browser VPN available on...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2011/01/04 12:0 a.m.21 views

Certain DOM manipulations can allow execution of arbitrary code – Opera Security Advisories

Certain DOM manipulations can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | January 4, 2011 Severity High Description Various unexpected DOM manipulations can cause Opera to crash. In some cases, these crashes can occur in a way that allows execution of arbitrary code...

6.1AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.21 views

Users can be tricked into uploading unexpected files – Opera Security Advisories

Users can be tricked into uploading unexpected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If th...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/06/22 12:0 a.m.21 views

Data URIs can be used to allow cross-site scripting

Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be...

1.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/08/29 12:0 a.m.21 views

Opera may show some incorrect characters in the address bar

Some Unicode characters are treated incorrectly, which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing...

2.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.21 views

canvas functions can reveal data from random places in memory

There is a flaw in the way that certain canvas functions are handled, that can cause the canvas to be painted with very small amounts of data constructed from random memory. The resulting canvas image can be read and analyzed by JavaScript, so an attacker can get random samples of the user's...

1.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.21 views

Java applets can be used to read sensitive information

Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. Thes...

1.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/15 12:0 a.m.21 views

HTML parsing flaw can cause Opera to execute arbitrary code

Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed...

2.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/06/09 12:0 a.m.21 views

Certain characters can obscure the page address

When a page address contains certain characters, they can cause the page address text to be misplaced. In some cases, this could make characters be indistinguishable from each other, allowing some site addresses to look like other site addresses...

3.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.21 views

Opera security advisory 2004-12-10

Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document. Applets hav...

2.6AI score
Exploits0References2Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2006/02/17 12:0 a.m.21 views

The link tooltip and the statusbar can be misleading

It is possible to make a form input that looks like an image link.If the form input has a "title" attribute, the status bar will showthe "title". A "title" which looks like a URL can mislead the user,since the title can say http://nice.familiar.com/, while the formaction can be something...

7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2026/06/11 12:0 a.m.20 views

Update your browser: Security fix for Chrome zero-day CVE-2026-11645

News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-11645 Share June 11th, 2026 Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit CVE-2026-11645. We recommend updating your browsers to the latest...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2010/12/17 12:0 a.m.20 views

Opera may be used as a vector for multiple font issues in the underlying operating system – Opera Security Advisories

Opera may be used as a vector for multiple font issues in the underlying operating system – Opera Security Advisories OPCOM Team | December 17, 2010 Affected versions This vulnerability may be targeted through Opera for Windows. Severity Critical Description A flaw in the font handling on the...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/04/28 12:0 a.m.20 views

Multiple asynchronous document modifications can be used to execute arbitrary code

Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed...

2.5AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/03/18 12:0 a.m.20 views

XSLT can be used to retrieve random contents of unrelated documents

XSLT is normally subject to strict controls, preventing documents from separate Web sites from reading the contents of other sites. Certain XSLT constructs can cause Opera to retrieve the wrong contents for the resulting document. These contents will appear randomly from the cached versions of an...

1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.20 views

A JPEG image with a malformed header can crash Opera

A specially crafted DHT marker in the JPEG file header can causea heap overflow. The malformed image alone will only cause a crash. To exploitthe flaw, the computer's memory must first be filled up withcode of the attacker's choice. This is not trivial to do reliably,so attempted attacks will oft...

1.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.20 views

Image properties can be used to execute scripts

Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This can cause the script to be run in the wrong security context...

2.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.20 views

Insecure pages can show incorrect security information

When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure. The padlock icon will incorrectly be shown, and the security information dialog will state that the connection is secure, but without any certificate...

2.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2026/03/06 12:0 a.m.19 views

Busting VPN myths: What a VPN can do for your privacy and what it can’t

Privacy Busting VPN myths: What a VPN can do for your privacy and what it can’t Share March 6th, 2026 If you’re reading this blog, you have probably heard of or used a VPN before. The truth is, VPNs are incredibly useful! They are one of the most effective tools for protecting your online privacy...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2023/07/06 12:0 a.m.19 views

Debunking misinformation about Opera’s browsers

Privacy, Security Debunking misinformation about Opera’s browsers Share July 6th, 2023 At Opera, we take the privacy and security of our users very seriously. As a European company, we have to be compliant with the GDPR – one of the strongest, if not the strongest, data protection frameworks in t...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2011/01/26 12:0 a.m.19 views

Email passwords are not immediately deleted when deleting private data – Opera Security Advisories

Email passwords are not immediately deleted when deleting private data – Opera Security Advisories OPCOM Team | January 26, 2011 Severity Moderate Description When using “Delete Private Data” and selecting the option to “Clear all email account passwords”, the passwords were not deleted...

5.7AI score
Exploits0References1
Total number of security vulnerabilities391