Lucene search
K
OperaMost viewed

391 matches found

Opera Security Advisories
Opera Security Advisories
added 2007/10/16 12:0 a.m.14 views

External news readers and e-mail clients can be used to execute arbitrary code

If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code...

5.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/10/16 12:0 a.m.14 views

Scripts can overwrite functions on pages from other domains – Opera Security Advisories

Scripts can overwrite functions on pages from other domains – Opera Security Advisories OPCOM Team | October 16, 2007 Scripts can overwrite functions on pages from other domains. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prior to Opera 9.24. Problem Description...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2006/09/21 12:0 a.m.14 views

A forged SSL server certificate can be accepted by Opera as a valid certificate

A specially crafted digital certificate can bypass Opera'scertificate signature verification. Forged certificatescan contain any false information the forger chooses, andOpera will still present it as valid. Opera will not presentany warning dialogs in this case, and the security statuswill be th...

2.1AI score
Exploits0References2Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2006/01/13 12:0 a.m.14 views

Malicious WMF files stored in Opera’s cache can infect Windows – Opera Security Advisories

Malicious WMF files stored in Opera’s cache can infect Windows – Opera Security Advisories OPCOM Team | January 13, 2006 Summary Windows Meta Files .wmf can contain executable code. A specially craftedWMF file can infect Microsoft Windows with malicious software when it is openedwith Windows’ own...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2005/09/29 12:0 a.m.14 views

Malicious setRequestHeader cross-site vulnerability

A malicious setRequestHeader can be used to stealuser credentials and inject cross-site JavaScript...

2.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2025/03/27 12:0 a.m.13 views

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share March 27th, 2025 Hi everyone! The latest patches to the Opera and Opera GX address several recent vulnerabilities, including a zero-day exploit CVE-2025-2783. We recommend updating your browsers to the latest...

8.8CVSS7.2AI score0.08404EPSS
Exploits10References1
Opera Security Advisories
Opera Security Advisories
added 2018/11/20 12:0 a.m.13 views

Bug bounty open for Opera Android apps!

News Bug bounty open for Opera Android apps! Share November 20th, 2018 We are happy to announce that our applications are now covered by the Google Play Security Reward Program. Researchers are invited to help us improve the security of our chosen products in return for fame and up to $5,000!...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2013/01/29 12:0 a.m.13 views

CORS requests can omit the preflight request – Opera Security Advisories

Cross-Origin Resource Sharing CORS requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of thei...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/11/19 12:0 a.m.13 views

Error pages can be used to guess local file paths – Opera Security Advisories

Remote web pages should not be able to detect what files a user has on their local machine. Certain error pages do not apply this restriction correctly, allowing web pages to produce an error page where a script can run. The script can then use various events to detect whether files on the user’s...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/11/02 12:0 a.m.13 views

Specially crafted SVG images can allow execution of arbitrary code – Opera Security Advisories

Opera can display images created using the Scalable Vector Graphics SVG format. Specially crafted and malformed SVG images may cause Opera to crash when their documents are unloaded, and the crash may allow execution of malicious arbitrary code. To inject code, additional techniques will have to ...

6AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2011/01/28 12:0 a.m.13 views

The wrong executable may be used to display a downloaded file in its folder – Opera Security Advisories

The wrong executable may be used to display a downloaded file in its folder – Opera Security Advisories OPCOM Team | January 28, 2011 Severity Low Affected versions This issue affects Opera for Microsoft Windows. Description Opera’s downloads manager allows users to select a file, and open the...

7.6CVSS5.8AI score0.04513EPSS
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/10/06 12:0 a.m.13 views

Private video streams can be intercepted – Opera Security Advisories

Private video streams can be intercepted – Opera Security Advisories OPCOM Team | October 6, 2010 Severity Moderate Description Video content may be used as filler content for a HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/09/08 12:0 a.m.13 views

Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code

Opera uses dynamic link libraries DLLs of its own, and several provided by the host operating system or plug-ins. In some cases, Opera searches for these DLLs in the same location as a resource that is being loaded, and if a malicious DLL is located, it will load that as if it were a trusted DLL...

1.9AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/08/12 12:0 a.m.13 views

Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code

Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code,...

2.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2010/01/11 12:0 a.m.13 views

Cross-domain data theft with CSS load

CSS can be loaded cross-domain, and in some cases it is be possible to read the data pointed to, leading to the possibility of cross-domain data theft...

1.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/08/29 12:0 a.m.13 views

Sites using revoked intermediate certificates might be shown as secure

Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure...

2.5AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/02/13 12:0 a.m.13 views

TLS certificates can be used to execute arbitrary code

When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name in the certificate, it can cause Opera to crash. To inject code, additional means will have to be employed...

4.9AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.13 views

Feed preview can reveal contents of unrelated news feeds

When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information...

1.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.13 views

History Search can reveal browsing history

Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive information...

0.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.13 views

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting

Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own character encoding.A malicious page that uses the UTF-7 character encoding can includeother sites, for example inside iframes. This can be exploited toperform cross-site scripting...

2.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.13 views

Startup crash can allow execution of arbitrary code

When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this way can cause Opera to crash. To inject code, additional techniques will have to be employed...

3.1AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.13 views

Image properties can be used to execute scripts – Opera Security Advisories

Image properties can be used to execute scripts – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2007/08/07 12:0 a.m.13 views

a specially crafted JavaScript can make Opera execute arbitrary code

A virtual function call on an invalid pointer that may referencedata crafted by the attacker can be used to execute arbitrary code...

3.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/05/24 12:0 a.m.13 views

Malicious torrent files can execute arbitrary code in Opera – Opera Security Advisories

Malicious torrent files can execute arbitrary code in Opera – Opera Security Advisories OPCOM Team | May 24, 2007 Summary A malicious torrent file can cause Opera to execute arbitrary code. Severity: Highly critical Problem description A specially crafted torrent file can cause a buffer overflow ...

6.5AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2005/01/05 12:0 a.m.13 views

Phishing attack possible with a delayed JavaScript prompt – Opera Security Advisories

Phishing attack possible with a delayed JavaScript prompt – Opera Security Advisories OPCOM Team | January 5, 2005 Severity: Moderate/low Problem description A malicious page can be crafted to send the userto his banking site, and shortly afterwardsdisplay a dialog enticing the user to type inhis...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2026/04/17 12:0 a.m.12 views

How Opera’s Security team helps make the web safer through responsible disclosure

Security How Opera’s Security team helps make the web safer through responsible disclosure Share April 17th, 2026 Hi everyone! At Opera, we have 30 years of experience in building safe and secure browsers. Our seasoned Security team collaborates internally as well as with external researchers to...

8.8CVSS7.7AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2026/04/04 12:0 a.m.12 views

Update your browser: Security fix for Chrome zero-day CVE-2026-5281

News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-5281 Share April 4th, 2026 Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit CVE-2026-5281. We recommend updating your browsers to the latest versio...

8.8CVSS6.9AI score0.05036EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2025/11/20 12:0 a.m.12 views

Update your browser: Security fix for Chrome zero-day CVE-2025-13223

News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-13223 Share November 20th, 2025 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-13223. We recommend...

8.8CVSS7.3AI score0.04835EPSS
Exploits5References1
Opera Security Advisories
Opera Security Advisories
added 2025/07/10 12:0 a.m.12 views

Why browsing with Opera’s VPN is safer

Security Why browsing with Opera’s VPN is safer Share July 10th, 2025 A virtual private network VPN is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...

8.8CVSS7.2AI score0.2202EPSS
Exploits12References1
Opera Security Advisories
Opera Security Advisories
added 2024/12/11 12:0 a.m.12 views

How Opera for Android’s revamped ad blocker improves your browsing experience

News, Privacy How Opera for Android’s revamped ad blocker improves your browsing experience Share December 11th, 2024 Hi Opera users! At Opera, we know how intrusive advertising can disrupt your browsing experience by turning it into a frustrating maze of pop-ups. That’s why we have included a...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2024/10/30 12:0 a.m.12 views

Addressing the “CrossBarking” vulnerability discovered in collaboration with Guardio

News, Security Addressing the “CrossBarking” vulnerability discovered in collaboration with Guardio Share October 30th, 2024 Hi Opera users! Over time, we have shared details about how we approach security vulnerabilities, and especially how we work with external security researchers to identify...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2024/01/18 12:0 a.m.12 views

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share January 18th, 2024 Hi everyone! The latest patches to the Opera, Opera GX, Opera Crypto, and Opera for Android browsers address several recent vulnerabilities, including a zero-day exploit CVE-2024-0519. We...

8.8CVSS7.3AI score0.21697EPSS
Exploits5References1
Opera Security Advisories
Opera Security Advisories
added 2023/12/22 12:0 a.m.12 views

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share December 22nd, 2023 Hi everyone! The latest patches to the Opera, Opera GX, Opera Crypto, and Opera for Android browsers address several recent vulnerabilities, including a zero-day exploit CVE-2023-7024. We...

8.8CVSS7.1AI score0.4351EPSS
Exploits7References1
Opera Security Advisories
Opera Security Advisories
added 2023/10/02 12:0 a.m.12 views

Resolving the “screen capture” notification issue on MacOS Sonoma

News, Privacy Resolving the “screen capture” notification issue on MacOS Sonoma Share October 2nd, 2023 Hey everyone! We recently became aware of an issue that appears for some users of Sonoma, or MacOS 14 – the latest version of MacOS currently rolling out to Macs worldwide. It seems that upon...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2022/12/02 12:0 a.m.12 views

New Opera 93 Stable update includes fix for latest Chromium zero-day

Security New Opera 93 Stable update includes fix for latest Chromium zero-day Share December 2nd, 2022 Hi everyone! Opera for Windows and Mac have received Stable updates 93.0.4585.37 and 93.0.4585.39 respectively. Among other things, these updates include Chromium update 107.0.5304.122, which...

9.6CVSS7.7AI score0.31864EPSS
Exploits5References1
Opera Security Advisories
Opera Security Advisories
added 2013/12/04 12:0 a.m.12 views

Security changes and features of Opera 18

News Security changes and features of Opera 18 Share December 4th, 2013 Opera 18 is now out on the stable channel, so we wanted to take a moment to go through some of the new features from a security perspective. Media Access One of the new features is media access. That is; camera and microphone...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2013/07/04 12:0 a.m.12 views

Replaced code signing certificate – Opera Security Advisories

Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing...

5.9AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/06/12 12:0 a.m.12 views

A combination of clicks and key presses can lead to cross site scripting or code execution – Opera Security Advisories

When a user double clicks on a page, they may expect the two clicks to target the same object. If a page uses the first click to open a pop-up window in a predictable location, the second click may focus parts of the new window, such as its address field. If the page can then convince the user to...

5.3AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/03/26 12:0 a.m.12 views

Web page dialogs can be used to to display the wrong address in the address field – Opera Security Advisories

The address field should always show the correct address for the page that is loaded. If a page can cause Opera to display certain dialogs relating to a target site, the dialog may in some cases cause Opera to display the target site’s address instead of the correct address. This can allow an...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/08/12 12:0 a.m.12 views

Unexpected changes in tab focus can be used to run programs from the Internet – Opera Security Advisories

Unexpected changes in tab focus can be used to run programs from the Internet – Opera Security Advisories OPCOM Team | August 12, 2010 Severity Moderate Description Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/06/29 12:0 a.m.12 views

File inputs can disclose the path to selected files – Opera Security Advisories

File inputs can disclose the path to selected files – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/04/28 12:0 a.m.12 views

Multiple asynchronous document modifications can be used to execute arbitrary code – Opera Security Advisories

Multiple asynchronous document modifications can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | April 28, 2010 Affected versions This vulnerability affects Opera for Windows and Mac. Severity Extremely Severe Description Multiple asynchronous calls to a script that...

6.1AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2009/10/27 12:0 a.m.12 views

Opera may allow scripts to access feeds

Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. This can be used for automatic subscription of feeds, or reading other feeds...

1.9AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2009/10/27 12:0 a.m.12 views

Certain domain names can allow execution of arbitrary code

Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash. Successful exploitation can lead to execution of arbitrary code...

4.5AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.12 views

Feed subscription can cause the wrong page address to be displayed

It has been reported that when a user subscribes to a news feed using the feed subscription button, the page address can be changed. This causes the address field not to update correctly. Although this can mean that that misleading information can be displayed in the address field, it can only...

0.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.12 views

Rich editing allows cross domain scripting

Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting...

2AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/07/19 12:0 a.m.12 views

Opera's HTTP authentication cuts off long server names at the end

Opera's HTTP authentication dialog is displayed when the user enters a Web pagethat requires a login name and a password. To inform the user which server itwas that asked for login credentials, the dialog displays the server name.The user has to see the entire server name. A truncated name can be...

0.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/07/19 12:0 a.m.12 views

data: URLs can spoof trusted trusted sites

data: URLs embed data inside them, instead of linking to an externalresource. Opera can mistakenly display the end of a data URL insteadof the beginning. This allows an attacker to spoof the URL of atrusted site...

3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2007/07/19 12:0 a.m.12 views

A malicious torrent can cause Opera to execute arbitrary code – Opera Security Advisories

A malicious torrent can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | July 19, 2007 Summary A malicious torrent file can cause Opera to execute arbitrary code. Severity: High Problem description Removing a specially crafted torrent from the download managercan cra...

6.2AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.12 views

Vulnerability in Opera's use of kfmclient

The kfmclient is a part of the KDE desktop environment.It inspects the file given to it to determine its MIMEtype, and performs the action assigned to that MIME typein KDE's configuration. If the file type is an executable,kfmclient may execute it.Opera will not save downloaded files with the...

1AI score
Exploits0Affected Software1
Total number of security vulnerabilities391