Lucene search
K
OperaMost viewed

391 matches found

Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.19 views

Insecure pages can show incorrect security information

When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure. The padlock icon will incorrectly be shown, and the security information dialog will state that the connection is secure, but without any certificate...

2.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.19 views

A JPEG image with a malformed header can crash Opera

A specially crafted DHT marker in the JPEG file header can causea heap overflow. The malformed image alone will only cause a crash. To exploitthe flaw, the computer's memory must first be filled up withcode of the attacker's choice. This is not trivial to do reliably,so attempted attacks will oft...

1.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/07/19 12:0 a.m.19 views

Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories

Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories OPCOM Team | July 19, 2007 Summary Opera’s HTTP authentication dialog cuts off long server name at the right hand end. Severity: Less severe Problem description Opera’s HTTP authentication dialog is...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2020/11/13 12:0 a.m.18 views

Address bar spoofing in Opera Touch for iOS – Opera Security Advisories

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing...

4.3CVSS5.8AI score0.00712EPSS
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/10/06 12:0 a.m.18 views

Reloads and redirects can allow spoofing and cross site scripting

Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context. Carefully timed reloads and redirects, when combined with appropriate caching, can cause scripts to execute in the wrong security context in Opera. This allow...

1.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.18 views

Double-clicking a link can unexpectedly run a program from the Internet

When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to download it. The dialog will allow the user to choose to run the executable directly. If the user accidentally double clicks, the second click will activate whatever i...

3.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.18 views

TLS protocol vulnerable to Man In The Middle attack

A vulnerability has been discovered in all current versions of the SSL and TLS protocols, that may allow an attacker to inject data and instructions into the HTTPS connection and trick the server to believe the date and instructions came from the client.The attacker accomplishes this by first...

1.4AI score
Exploits0References4Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/08/29 12:0 a.m.18 views

Pages can trick users into uploading files

On some Linux or Unix installations, Opera would pass a dropped file to a file input, making it possible for a page to trick users to upload files without the user's knowledge...

3.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/08/29 12:0 a.m.18 views

Adress bar is not always updated correctly when collapsed

The collapsed Address bar can in some cases temporarily show the previous domain instead of the domain of the present site...

2.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2006/10/17 12:0 a.m.18 views

Very large link addresses can cause Opera to crash

An extremely long link address can cause Opera to crash.A specially crafted long link could cause malicious codeto be run on the user's computer...

2.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2005/12/12 12:0 a.m.18 views

A very long title in a web page can cause a crash on startup

If a Windows user with Input Method Editor IME installedbookmarks a page with an extremely long element,Opera will crash upon next startup. Opera will not recoverfrom this on its own, so the user will not be able to startOpera.This affects Japanese users and others using IME for textinput. It als...

2.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2026/05/29 12:0 a.m.17 views

Why browsing with Opera’s VPN is safer

Security Why browsing with Opera’s VPN is safer Share May 29th, 2026 A virtual private network VPN is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...

8.8CVSS7.4AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2023/09/27 12:0 a.m.17 views

Where to find Opera’s Privacy and Security team online

Security Where to find Opera’s Privacy and Security team online Share September 27th, 2023 Hello everyone! Through this blog, we strive to offer timely updates and important information about Opera and our products. This helps us maintain an open line of communication with our users, particularly...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2020/12/21 12:0 a.m.17 views

Cross-site Scripting in OfA – Opera Security Advisories

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...

6.1CVSS6.2AI score0.00634EPSS
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.17 views

Widget properties exposed to third party domains

In some cases, widget properties could be exposed to third party domains, leading to the possibility of leak of widget information, or configuration options for the widget...

1.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/03/17 12:0 a.m.17 views

HTTP Content-Length header can be used to execute arbitrary code

Large values in the HTTP Content-Length header can cause Opera to crash. Certain specific values can cause a memory corruption, which in some cases can allow arbitrary code to be injected and executed. In most cases Opera will just crash. To inject code, additional techniques will have to be...

1.1AI score
Exploits0References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/11/20 12:0 a.m.17 views

Error messages can leak onto unrelated sites

Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could...

1.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.17 views

Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories

Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause...

6.1AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2007/10/16 12:0 a.m.17 views

Scripts can overwrite functions on pages from other domains

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...

3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2026/05/08 12:0 a.m.16 views

How we keep Opera users and products safe: Inside the role of Head of Security

Security How we keep Opera users and products safe: Inside the role of Head of Security Share May 8th, 2026 We usually think of security only when something goes wrong – whether it’s a suspicious login we noticed, a strange pop-up we got while browsing, or a headline we read about a data breach...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2026/03/14 12:0 a.m.16 views

Update your browser: Security fix for Chrome zero-days CVE 2026-3909 & CVE-2026-3910

News, Security Update your browser: Security fix for Chrome zero-days CVE 2026-3909 & CVE-2026-3910 Share March 14th, 2026 Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including two zero-day exploits CVE 2026-3909 and CVE-2026-3910. We recommend...

8.8CVSS7AI score0.02EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2026/02/16 12:0 a.m.16 views

Update your browser: Security fix for Chrome zero-day CVE-2026-2441

News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-2441 Share February 16th, 2026 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, Opera Neon, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2026-2441. We...

8.8CVSS7.3AI score0.2202EPSS
Exploits16References1
Opera Security Advisories
Opera Security Advisories
added 2021/05/17 12:0 a.m.16 views

Fuzzing HTTP Proxies: Privoxy, Part 1

Research Fuzzing HTTP Proxies: Privoxy, Part 1 Share May 17th, 2021 Here at Opera, we’re always looking for ways to improve the browsing experience of our users with speed and usability. Perhaps more importantly though, we also look for ways to improve users’ privacy and security. While we...

8.8CVSS7.2AI score0.02108EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2010/10/06 12:0 a.m.16 views

Private video streams can be intercepted

Video content may be used as filler content for a HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the content of the canvas can be safely read out by scripts. In some cases, Opera does not check the video's origin correctly, and may...

1.7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.16 views

History Search can be used to execute arbitrary code

When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them...

1.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.16 views

Specially crafted addresses can execute arbitrary code

If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page...

4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.16 views

Malformed bitmaps can reveal old data from random places in memory

Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Using canvas, the pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data...

2.2AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/07/19 12:0 a.m.16 views

A malicious torrent can cause Opera to execute arbitrary code

Removing a specially crafted torrent from the download managercan crash Opera. The crash is caused by an erroneous memoryaccess.An attacker needs to entice the user to accept the maliciousBitTorrent download, and later remove it from Opera's downloadmanager. To inject code, additional means will...

3.9AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2005/11/23 12:0 a.m.16 views

Opera may execute command line embedded in URLs

Opera for UNIX uses a wrapper shell script to start up Opera.This shell script reads the input arguments, like the file namesor URLs that Opera is to open. It also performs some environmentchecks, for example whether Java is available and if so, where itis located.This wrapper script can also run...

2.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2022/01/04 12:0 a.m.15 views

Fuzzing HTTP Proxies: Privoxy, Part 3

Research Fuzzing HTTP Proxies: Privoxy, Part 3 Share January 4th, 2022 One of my earlier posts outlined how I had discovered six security vulnerabilities in the Privoxy software using the technique of fuzzing to cause the software to crash. This post outlines how I discovered three more...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2010/08/12 12:0 a.m.15 views

Unexpected changes in tab focus can be used to run programs from the Internet

Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causin...

1.5AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.15 views

File inputs can disclose the path to selected files

When a file is selected in a file upload input, the path to that file is not exposed through the input's value property. This is done to protect any sensitive information which may be contained in the directory names. When manipulated by DOM this information should also not be exposed. Certain DO...

0.9AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/03/18 12:0 a.m.15 views

XSLT can be used to retrieve random contents of unrelated documents – Opera Security Advisories

XSLT can be used to retrieve random contents of unrelated documents – Opera Security Advisories OPCOM Team | March 18, 2010 Affected versions This vulnerability affects Opera 10.50. Severity Highly severe Description XSLT is normally subject to strict controls, preventing documents from separate...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2009/02/25 12:0 a.m.15 views

Specially crafted JPEG images can be used to execute arbitrary code

Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code...

3.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/17 12:0 a.m.15 views

Certain characters can be used to allow cross-site scripting

When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot contain scripts. If the content is to be used inside an HTML attribute, characters that separate attributes need to be filtered out to prevent scripted attributes...

0.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.15 views

Fast Forward can allow cross-site scripting – Opera Security Advisories

Fast Forward can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Platforms All desktop versions Problem Description If a link that uses a JavaScript URL triggers Opera’s Fast Forward feature, when the user activates Fast Forward, the...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2008/12/15 12:0 a.m.15 views

Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories

Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remot...

6.4AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2007/08/07 12:0 a.m.15 views

a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories

a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories OPCOM Team | August 7, 2007 A specially crafted JavaScript can make Opera execute arbitrary code. Severity: Highly severe Problem description A virtual function call on an invalid pointer that may...

6.2AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2005/12/19 12:0 a.m.15 views

Double-clicking a link can run a program from the Internet

Links in Web pages only require a single click. When a userdouble-clicks on a Web link, that action is taken as twoseparate clicks: One to follow the link, and the other toany dialog that might appear where the link was.A specially crafted page can place the link so that the"Open" button in the...

1.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2025/09/18 12:0 a.m.14 views

Update your browser: Security fix for Chrome zero-day CVE-2025-10585

News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-10585 Share September 18th, 2025 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-10585. We recommend...

9.8CVSS7AI score0.05419EPSS
Exploits5References1
Opera Security Advisories
Opera Security Advisories
added 2023/06/15 12:0 a.m.14 views

Update your browser: Security updates address vulnerabilities including latest Chrome bugs

News, Security Update your browser: Security updates address vulnerabilities including latest Chrome bugs Share June 15th, 2023 Hi everyone! The Opera browser, Opera GX and Opera Crypto Browser have just received important updates addressing a number of vulnerabilities and bugs. Among those are t...

8.8CVSS7.3AI score0.13813EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2012/11/02 12:0 a.m.14 views

Data URIs can be used to facilitate Cross-Site Scripting – Opera Security Advisories

Data URIs are only supposed to inherit the scripting origin from the site that creates them, such as by including them as the target of a link or an inline frame in the source of the document. Specific sequences of document and data URI loading can cause Opera to forget which document created the...

5.5AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2009/09/01 12:0 a.m.14 views

*.com accepted as wildcard match in SSL/TLS name matching

Certificate authorities are expected to vet all certificate registrations, but may fail to prevent fraudulent or erroneous registrations. Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such...

2AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.14 views

Opera security upgrade for Linux, Solaris and FreeBSD

A security issue in the Adobe Flash Player running in Opera on Linux, Solaris or FreeBSD has been found. Details about the vulnerability will be disclosed at a later date...

1.1AI score
Exploits0References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.14 views

Resized canvas patterns can cause Opera to execute arbitrary code

HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed...

1.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.14 views

Newsfeed prompt can cause Opera to execute arbitrary code

When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed source in a way that can cause Opera to crash. The crash is caused by an erroneous memory access. To inject code, additional techniques will have to be employed...

3.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.14 views

The links panel can allow cross-site scripting

The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated...

1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.14 views

Specially crafted addresses can execute arbitrary code – Opera Security Advisories

Specially crafted addresses can execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, th...

6.2AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.14 views

Rich editing allows cross domain scripting – Opera Security Advisories

Rich editing allows cross domain scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Problem Description Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting...

5.5AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2008/12/15 12:0 a.m.14 views

HTML parsing flaw can cause Opera to execute arbitrary code – Opera Security Advisories

HTML parsing flaw can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Extremely Severe Problem Description Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional...

6.1AI score
Exploits0References1
Total number of security vulnerabilities391