388 matches found
Rich editing allows cross domain scripting
Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting...
Simulated text inputs can trick users into uploading arbitrary files
When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince the user that they are typing into a normal text input, and not let them see that their keystrokes are being ignored, it can cause the input to point to known file paths on the...
Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories
Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remot...
Long hostnames in file: URLs can cause execution of arbitrary code
Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it...
a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories
a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories OPCOM Team | August 7, 2007 A specially crafted JavaScript can make Opera execute arbitrary code. Severity: Highly severe Problem description A virtual function call on an invalid pointer that may...
A malicious torrent can cause Opera to execute arbitrary code – Opera Security Advisories
A malicious torrent can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | July 19, 2007 Summary A malicious torrent file can cause Opera to execute arbitrary code. Severity: High Problem description Removing a specially crafted torrent from the download managercan cra...
How Opera’s Security team helps make the web safer through responsible disclosure
Security How Opera’s Security team helps make the web safer through responsible disclosure Share April 17th, 2026 Hi everyone! At Opera, we have 30 years of experience in building safe and secure browsers. Our seasoned Security team collaborates internally as well as with external researchers to...
Update your browser: Security fix for Chrome zero-day CVE-2026-5281
News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-5281 Share April 4th, 2026 Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit CVE-2026-5281. We recommend updating your browsers to the latest versio...
Update your browser: Security fix for Chrome zero-day CVE-2026-2441
News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-2441 Share February 16th, 2026 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, Opera Neon, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2026-2441. We...
Data Privacy Day: Inside the role of Data Protection Officer at Opera
Privacy Data Privacy Day: Inside the role of Data Protection Officer at Opera Share January 28th, 2026 Privacy matters all year round. But every January, Data Privacy Day is a great opportunity to learn more about data privacy and protection, and to highlight their importance for everyone in the...
GameMaker security update: Patch now to prevent DoS attacks
Security GameMaker security update: Patch now to prevent DoS attacks Share October 30th, 2025 Today we’re looking at a vulnerability discovered in GameMaker, the game development tool that streamlines and simplifies game dev for all users, regardless of skill level. The vulnerability in question...
Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN
Privacy Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN Share September 25th, 2024 Hi Opera users! We are excited to announce that we have successfully completed an independent audit of our no-log policy for Opera’s free browser VPN available on...
Resolving the “screen capture” notification issue on MacOS Sonoma
News, Privacy Resolving the “screen capture” notification issue on MacOS Sonoma Share October 2nd, 2023 Hey everyone! We recently became aware of an issue that appears for some users of Sonoma, or MacOS 14 – the latest version of MacOS currently rolling out to Macs worldwide. It seems that upon...
Update your browser: Security fix for latest Chrome zero-day
News, Security Update your browser: Security fix for latest Chrome zero-day Share September 29th, 2023 Hi everyone! Opera browsers have received important updates addressing a number of vulnerabilities and bugs. Among those is the following zero-day vulnerability detected by security researchers,...
Fuzzing HTTP Proxies: Privoxy, Part 3
Research Fuzzing HTTP Proxies: Privoxy, Part 3 Share January 4th, 2022 One of my earlier posts outlined how I had discovered six security vulnerabilities in the Privoxy software using the technique of fuzzing to cause the software to crash. This post outlines how I discovered three more...
$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser
Research $8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser Share September 24th, 2021 Continuing from hisprevious post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera’s Private Bug Bounty Programme: a Remote Code Execution in Opera’s My Flow Feature...
Cross-site Scripting in OfA – Opera Security Advisories
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...
Opera mitigates critical CPU vulnerabilities
Security Opera mitigates critical CPU vulnerabilities Share January 4th, 2018 There is a lot of uncertainty right now about the impact of the hardware security issue named Meltdown. There will be a scheduled release of Opera which will contain a first set of workarounds as soon as the browser is...
Possibly Tricking Users – The Perils of Drag n Drop Decadence
Security Possibly Tricking Users – The Perils of Drag n Drop Decadence Share May 12th, 2014 In the recent Opera 21 Stable release, we fixed a number of bugs relating to the address field. Normally, we would not want to give away too much about a security issue, as it would give a potential attack...
Security changes and features of Opera 18
News Security changes and features of Opera 18 Share December 4th, 2013 Opera 18 is now out on the stable channel, so we wanted to take a moment to go through some of the new features from a security perspective. Media Access One of the new features is media access. That is; camera and microphone...
RC4 encryption protocol is vulnerable to certain brute force attacks – Opera Security Advisories
Weaknesses in the RC4 encryption protocol have been found, allowing an attacker to deduce the plaintext. If the same message is encrypted many millions of times, statistical methods can be used to extract valuable information, such as cookies. Due to the time this amount of requests takes, this i...
Use of SVG clipPaths can allow execution of arbitrary code – Opera Security Advisories
When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur...
CORS requests can omit the preflight request – Opera Security Advisories
Cross-Origin Resource Sharing CORS requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of thei...
Specially crafted SVG images can allow execution of arbitrary code – Opera Security Advisories
Opera can display images created using the Scalable Vector Graphics SVG format. Specially crafted and malformed SVG images may cause Opera to crash when their documents are unloaded, and the crash may allow execution of malicious arbitrary code. To inject code, additional techniques will have to ...
Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code – Opera Security Advisories
Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code – Opera Security Advisories OPCOM Team | September 8, 2010 Severity High Description Opera uses dynamic link libraries DLLs of its own, and several provided by the host operating system or plug-ins. In some cases,...
Multiple asynchronous document modifications can be used to execute arbitrary code – Opera Security Advisories
Multiple asynchronous document modifications can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | April 28, 2010 Affected versions This vulnerability affects Opera for Windows and Mac. Severity Extremely Severe Description Multiple asynchronous calls to a script that...
Java applets can be used to read sensitive information – Opera Security Advisories
Java applets can be used to read sensitive information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Highly Severe Problem Description Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it...
Specially crafted addresses can execute arbitrary code – Opera Security Advisories
Specially crafted addresses can execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, th...
Images can be read cross-domain with canvas
HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable...
Malicious torrent files can execute arbitrary code in Opera – Opera Security Advisories
Malicious torrent files can execute arbitrary code in Opera – Opera Security Advisories OPCOM Team | May 24, 2007 Summary A malicious torrent file can cause Opera to execute arbitrary code. Severity: Highly critical Problem description A specially crafted torrent file can cause a buffer overflow ...
(Updated) Specially crafted JPEG images enables the execution of arbitrary code. – Opera Security Advisories
Updated Specially crafted JPEG images enables the execution of arbitrary code. – Opera Security Advisories OPCOM Team | July 5, 2006 Summary A specially crafted JPEG image can enable the execution ofarbitrary code. Severity: Critical Affected versions: Versions prior to 9.0 of Opera forMicrosoft...
Malicious WMF files stored in Opera’s cache can infect Windows – Opera Security Advisories
Malicious WMF files stored in Opera’s cache can infect Windows – Opera Security Advisories OPCOM Team | January 13, 2006 Summary Windows Meta Files .wmf can contain executable code. A specially craftedWMF file can infect Microsoft Windows with malicious software when it is openedwith Windows’ own...
Phishing attack possible with a delayed JavaScript prompt – Opera Security Advisories
Phishing attack possible with a delayed JavaScript prompt – Opera Security Advisories OPCOM Team | January 5, 2005 Severity: Moderate/low Problem description A malicious page can be crafted to send the userto his banking site, and shortly afterwardsdisplay a dialog enticing the user to type inhis...
Update your browser: Security fix for Chrome zero-day CVE-2025-13223
News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-13223 Share November 20th, 2025 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-13223. We recommend...
Prompt injection in Opera Neon: Rapid response through responsible disclosure
Security Prompt injection in Opera Neon: Rapid response through responsible disclosure Share October 23rd, 2025 Hi Opera users, This week, we were able to address a real-world security scenario on Opera Neon thanks to the work of a security researcher team. The researchers reached out to us throu...
Update your browser: Security fix for Chrome zero-day CVE-2025-10585
News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-10585 Share September 18th, 2025 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-10585. We recommend...
Update your browser: Security fix for Chrome zero-day CVE-2025-6558
News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-6558 Share July 17th, 2025 Hi everyone! The latest patches to the Opera, Opera GX, and Opera Air address several recent vulnerabilities, including a zero-day exploit CVE-2025-6558. We recommend updating your browsers to...
Update your browser: Security fix for Chrome zero-day CVE-2025-6554
News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-6554 Share July 3rd, 2025 Hi everyone! The latest patches to the Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-6554. We recommend updatin...
Update your browser: Security fixes for latest Chrome zero-day
News, Security Update your browser: Security fixes for latest Chrome zero-day Share March 27th, 2025 Hi everyone! The latest patches to the Opera and Opera GX address several recent vulnerabilities, including a zero-day exploit CVE-2025-2783. We recommend updating your browsers to the latest...
Update your browser: Security fixes for latest Chrome zero-day
News, Security Update your browser: Security fixes for latest Chrome zero-day Share January 18th, 2024 Hi everyone! The latest patches to the Opera, Opera GX, Opera Crypto, and Opera for Android browsers address several recent vulnerabilities, including a zero-day exploit CVE-2024-0519. We...
Update your browser: Security fixes for latest Chrome zero-day
News, Security Update your browser: Security fixes for latest Chrome zero-day Share December 22nd, 2023 Hi everyone! The latest patches to the Opera, Opera GX, Opera Crypto, and Opera for Android browsers address several recent vulnerabilities, including a zero-day exploit CVE-2023-7024. We...
Update your browser: Security fixes for latest Chrome bugs
News, Security Update your browser: Security fixes for latest Chrome bugs Share December 1st, 2023 Hi everyone! The latest patches to the Opera, Opera GX, and Opera Crypto browsers address several recent vulnerabilities, including a zero-day exploit CVE-2023-6345. We recommend updating your...
Where to find Opera’s Privacy and Security team online
Security Where to find Opera’s Privacy and Security team online Share September 27th, 2023 Hello everyone! Through this blog, we strive to offer timely updates and important information about Opera and our products. This helps us maintain an open line of communication with our users, particularly...
Update your browser: Security fixes for latest Chrome bugs
News, Security Update your browser: Security fixes for latest Chrome bugs Share August 10th, 2023 Hi everyone! Opera, Opera GX, and Opera Crypto Browser have received important updates addressing a number of vulnerabilities and bugs. Among those are the following important vulnerabilities detecte...
New Opera 93 Stable update includes fix for latest Chromium zero-day
Security New Opera 93 Stable update includes fix for latest Chromium zero-day Share December 2nd, 2022 Hi everyone! Opera for Windows and Mac have received Stable updates 93.0.4585.37 and 93.0.4585.39 respectively. Among other things, these updates include Chromium update 107.0.5304.122, which...
Safe Browsing now on Opera for Android
Security Safe Browsing now on Opera for Android Share November 11th, 2022 Hi Android users! We’re happy to share that Opera for Android 72 now features Safe Browsing to keep you even safer when browsing or shopping online on your Android device. Safe Browsing protects your online experience by...
Bug Bounty Adventures: A NodeBB 0-day
Research Bug Bounty Adventures: A NodeBB 0-day Share March 25th, 2022 Opera maintains both apublic bug bounty program, and a private program, where security researchers can submit security issues they have found in Opera’s products for cash rewards. We like to highlight some of the issues that ha...
Earn up to $10K from the Opera Bug Bounty program
Security Earn up to $10K from the Opera Bug Bounty program Share April 30th, 2021 Join the Opera Bug Bounty program, find vulnerabilities in scope, tell us how you did it, and collect rewards. We pay up to $10K for confirmed high-value submissions. Opera has two bug bounty programs operated by...
Bug bounty open for Opera Android apps!
News Bug bounty open for Opera Android apps! Share November 20th, 2018 We are happy to announce that our applications are now covered by the Google Play Security Reward Program. Researchers are invited to help us improve the security of our chosen products in return for fame and up to $5,000!...
Upcoming update with IDN homograph phishing fix
Security Upcoming update with IDN homograph phishing fix Share April 21st, 2017 Domains are an integral part of the internet. Similar to how people write different languages using different characters or scripts, domain names can be composed of various scripts in whole or in part, and are called...