388 matches found
Scripts can overwrite functions on pages from other domains
When accessing frames from different Web sites, specially crafted scripts can bypass the same-origin policy and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...
Private video streams can be intercepted
Video content may be used as filler content for an HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the content of the canvas can be safely read out by scripts. In some cases, Opera does not check the video's origin correctly, and may...
File inputs can disclose the path to selected files
When a file is selected in a file upload input, the path to that file is not exposed through the input's value property. This is done to protect any sensitive information which may be contained in the directory names. When manipulated by DOM this information should also not be exposed. Certain DO...
Widget properties exposed to third party domains
In some cases, widget properties could be exposed to third party domains, leading to the possible leak of widget information or configuration options for the widget...
Specially crafted JPEG images can be used to execute arbitrary code
Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code...
Certain characters can be used to allow cross-site scripting
When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot contain scripts. If the content is to be used inside an HTML attribute, characters that separate attributes need to be filtered out to prevent scripted attributes...
History Search can be used to execute arbitrary code
When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them...
Specially crafted addresses can execute arbitrary code
If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page...
A malicious torrent can cause Opera to execute arbitrary code
Removing a specially crafted torrent from the download manager can crash Opera. The crash is caused by an erroneous memory access. An attacker needs to entice the user to accept the malicious BitTorrent download, and later remove it from Opera's download manager. To inject code, additional means will...
Double-clicking a link can run a program from the Internet
Links in Web pages only require a single click. When a user double-clicks on a Web link, that action is taken as two separate clicks: one to follow the link, and the other to any dialog that might appear where the link was. A specially crafted page can place the link so that the "Open" button in the...
Opera may execute command line embedded in URLs
Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located. This wrapper script can also run...
*.com accepted as wildcard match in SSL/TLS name matching
Certificate authorities are expected to vet all certificate registrations, but may fail to prevent fraudulent or erroneous registrations. Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such...
Newsfeed prompt can cause Opera to execute arbitrary code
When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed source in a way that can cause Opera to crash. The crash is caused by an erroneous memory access. To inject code, additional techniques will have to be employed...
Opera security upgrade for Linux, Solaris and FreeBSD
A security issue in the Adobe Flash Player running in Opera on Linux, Solaris or FreeBSD has been found. Details about the vulnerability will be disclosed at a later date...
Resized canvas patterns can cause Opera to execute arbitrary code
HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed...
A forged SSL server certificate can be accepted by Opera as a valid certificate
A specially crafted digital certificate can bypass Opera's certificate signature verification. Forged certificates can contain any false information the forger chooses, and Opera will still present it as valid. Opera will not present any warning dialogs in this case, and the security status will be th...
Malicious setRequestHeader cross-site vulnerability
A malicious setRequestHeader can be used to steal user credentials and inject cross-site JavaScript...
Why browsing with Opera’s VPN is safer
Security. May 29th, 2026. A virtual private network (VPN) is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...
Fuzzing HTTP Proxies: Privoxy, Part 1
Research. May 17th, 2021. Here at Opera, we’re always looking for ways to improve the browsing experience of our users with speed and usability. Perhaps more importantly though, we also look for ways to improve users’ privacy and security. While we...
Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code
Opera uses dynamic link libraries (DLLs) of its own, and several provided by the host operating system or plug-ins. In some cases, Opera searches for these DLLs in the same location as a resource that is being loaded, and if a malicious DLL is located, it will load that as if it were a trusted DLL...
Unexpected changes in tab focus can be used to run programs from the Internet
Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causin...
History Search can reveal browsing history
Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive information...
Feed preview can reveal contents of unrelated news feeds
When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information...
Startup crash can allow execution of arbitrary code
When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this way can cause Opera to crash. To inject code, additional techniques will have to be employed...
External news readers and e-mail clients can be used to execute arbitrary code
If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code...
A specially crafted JavaScript can make Opera execute arbitrary code
A virtual function call on an invalid pointer that may reference data crafted by the attacker can be used to execute arbitrary code...
Update your browser: Security fix for Chrome zero-day CVE-2026-11645
News, Security. June 11th, 2026. Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit CVE-2026-11645. We recommend updating your browsers to the latest...
How we keep Opera users and products safe: Inside the role of Head of Security
Security. May 8th, 2026. We usually think of security only when something goes wrong – whether it’s a suspicious login we noticed, a strange pop-up we got while browsing, or a headline we read about a data breach...
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code
Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code,...
Cross-domain data theft with CSS load
CSS can be loaded cross-domain, and in some cases it is possible to read the data pointed to, leading to the possibility of cross-domain data theft...
Certain domain names can allow execution of arbitrary code
Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash. Successful exploitation can lead to execution of arbitrary code...
Sites using revoked intermediate certificates might be shown as secure
Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure...
Malformed bitmaps can reveal old data from random places in memory
Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Using canvas, the pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting
Pages displayed inside an iframe will inherit the character encoding of the parent page, unless they specify their own character encoding. A malicious page that uses the UTF-7 character encoding can include other sites, for example inside iframes. This can be exploited to perform cross-site scripting...
The links panel can allow cross-site scripting
The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated...
Feed subscription can cause the wrong page address to be displayed
It has been reported that when a user subscribes to a news feed using the feed subscription button, the page address can be changed. This causes the address field not to update correctly. Although this can mean that misleading information can be displayed in the address field, it can only...
(Updated) Specially crafted JPEG images enable the execution of arbitrary code.
A specially crafted JPEG image header can trick Opera into allocating the wrong amount of memory for the image. This can make Opera crash, or worse, execute code that has been placed into memory in advance...
Opera may allow scripts to access feeds
Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. This can be used for automatic subscription of feeds, or reading other feeds...
TLS certificates can be used to execute arbitrary code
When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name in the certificate, it can cause Opera to crash. To inject code, additional means will have to be employed...
Feed links can link to local files
As a security precaution, Opera does not allow Web pages to link to files on the user's local disk. However, a flaw exists that allows Web pages to link to feed source files on the user's computer. Suitable detection of JavaScript events and appropriate manipulation can unreliably allow a script ...
Opera's HTTP authentication cuts off long server names at the end
Opera's HTTP authentication dialog is displayed when the user enters a Web page that requires a login name and a password. To inform the user which server it was that asked for login credentials, the dialog displays the server name. The user has to see the entire server name. A truncated name can be...
data: URLs can spoof trusted sites
data: URLs embed data inside them, instead of linking to an external resource. Opera can mistakenly display the end of a data URL instead of the beginning. This allows an attacker to spoof the URL of a trusted site...
Vulnerability in Opera's use of kfmclient
The kfmclient is a part of the KDE desktop environment. It inspects the file given to it to determine its MIME type, and performs the action assigned to that MIME type in KDE's configuration. If the file type is an executable, kfmclient may execute it. Opera will not save downloaded files with the...
Update your browser: Security fix for Chrome zero-days CVE 2026-3909 & CVE-2026-3910
News, Security. March 14th, 2026. Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including two zero-day exploits CVE 2026-3909 and CVE-2026-3910. We recommend...
Busting VPN myths: What a VPN can do for your privacy and what it can’t
Privacy. March 6th, 2026. If you’re reading this blog, you have probably heard of or used a VPN before. The truth is, VPNs are incredibly useful! They are one of the most effective tools for protecting your online privacy...
Update your browser: Security fix for Chrome zero-day CVE-2025-14174
News, Security. December 18th, 2025. Hi everyone! The latest patches to Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-14174. We recommend...
OpenSSL 3.0.7 security fix: Should Opera users be worried?
Security. November 3rd, 2022. Hi everyone! The OpenSSL 3.0.7 security-fix release fixes high-priority vulnerabilities in the OpenSSL open-source cryptography library, specifically CVE-2022-3602 and CVE-2022-3786. The vulnerabilities...
Address bar spoofing in Opera Touch for iOS – Opera Security Advisories
Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing...
Opera may be used as a vector for a font issue in the underlying operating system
A flaw in the font handling on the Windows operating system has been fixed by Microsoft. On unpatched systems, Web fonts may be used to exploit this issue through Opera...
XSLT can be used to retrieve random contents of unrelated documents – Opera Security Advisories
OPCOM Team | March 18, 2010. Affected versions: This vulnerability affects Opera 10.50. Severity: Highly severe. Description: XSLT is normally subject to strict controls, preventing documents from separate...