Lucene search
K
OperaMost viewed

391 matches found

Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.12 views

Data URLs with executables and misleading download dialog – Opera Security Advisories

Data URLs with executables and misleading download dialog – Opera Security Advisories OPCOM Team | February 9, 2007 Severity: Moderate Summary A data URL RCF 2397 containing an executable file maycause Opera to mislead the user. Opera’s download dialogwill in some cases say “Open with NOTEPAD.EXE...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2025/12/18 12:0 a.m.11 views

Update your browser: Security fix for Chrome zero-day CVE-2025-14174

News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-14174 Share December 18th, 2025 Hi everyone! The latest patches to Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-14174. We recommend...

8.8CVSS7.2AI score0.22721EPSS
Exploits14References1
Opera Security Advisories
Opera Security Advisories
added 2025/10/30 12:0 a.m.11 views

GameMaker security update: Patch now to prevent DoS attacks

Security GameMaker security update: Patch now to prevent DoS attacks Share October 30th, 2025 Today we’re looking at a vulnerability discovered in GameMaker, the game development tool that streamlines and simplifies game dev for all users, regardless of skill level. The vulnerability in question...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2025/10/23 12:0 a.m.11 views

Prompt injection in Opera Neon: Rapid response through responsible disclosure

Security Prompt injection in Opera Neon: Rapid response through responsible disclosure Share October 23rd, 2025 Hi Opera users, This week, we were able to address a real-world security scenario on Opera Neon thanks to the work of a security researcher team. The researchers reached out to us throu...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2025/07/17 12:0 a.m.11 views

Update your browser: Security fix for Chrome zero-day CVE-2025-6558

News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-6558 Share July 17th, 2025 Hi everyone! The latest patches to the Opera, Opera GX, and Opera Air address several recent vulnerabilities, including a zero-day exploit CVE-2025-6558. We recommend updating your browsers to...

8.8CVSS7.2AI score0.09185EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2025/07/03 12:0 a.m.11 views

Update your browser: Security fix for Chrome zero-day CVE-2025-6554

News, Security Update your browser: Security fix for Chrome zero-day CVE-2025-6554 Share July 3rd, 2025 Hi everyone! The latest patches to the Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-6554. We recommend updatin...

8.8CVSS7AI score0.06564EPSS
Exploits9References1
Opera Security Advisories
Opera Security Advisories
added 2023/09/29 12:0 a.m.11 views

Update your browser: Security fix for latest Chrome zero-day

News, Security Update your browser: Security fix for latest Chrome zero-day Share September 29th, 2023 Hi everyone! Opera browsers have received important updates addressing a number of vulnerabilities and bugs. Among those is the following zero-day vulnerability detected by security researchers,...

8.8CVSS7.4AI score0.49013EPSS
Exploits7References1
Opera Security Advisories
Opera Security Advisories
added 2022/11/03 12:0 a.m.11 views

OpenSSL 3.0.7 security fix: Should Opera users be worried?

Security OpenSSL 3.0.7 security fix: Should Opera users be worried? Share November 3rd, 2022 Hi everyone! The OpenSSL 3.0.7 security-fix release fixes high-priority vulnerabilities in the OpenSSL open-source cryptography library, specifically CVE-2022-3602 and CVE-2022-3786. The vulnerabilities...

8.8CVSS7.8AI score0.92488EPSS
Exploits10References1
Opera Security Advisories
Opera Security Advisories
added 2022/03/25 12:0 a.m.11 views

Bug Bounty Adventures: A NodeBB 0-day

Research Bug Bounty Adventures: A NodeBB 0-day Share March 25th, 2022 Opera maintains both apublic bug bounty program, and a private program, where security researchers can submit security issues they have found in Opera’s products for cash rewards. We like to highlight some of the issues that ha...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2021/09/08 12:0 a.m.11 views

Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser

Research Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser Share September 8th, 2021 Opera manages aBug Bounty program where researchers can report vulnerabilities in Opera’s software and be rewarded for it. For high-quality reports, we like to invite researchers to write...

8.8CVSS7.4AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2021/04/30 12:0 a.m.11 views

Earn up to $10K from the Opera Bug Bounty program

Security Earn up to $10K from the Opera Bug Bounty program Share April 30th, 2021 Join the Opera Bug Bounty program, find vulnerabilities in scope, tell us how you did it, and collect rewards. We pay up to $10K for confirmed high-value submissions. Opera has two bug bounty programs operated by...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2020/11/23 12:0 a.m.11 views

Address bar spoofing in Opera Mini for Android – Opera Security Advisories

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing...

4.7CVSS5.8AI score0.0026EPSS
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2020/10/29 12:0 a.m.11 views

To VPN or not to VPN?

Security To VPN or not to VPN? Share October 29th, 2020 Alice and Bob use VPN to fight Mallory, an inquisitive sysadmin. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem Alice and Bob recently met Mallory, who works at the cable company providing internet access to th...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2018/01/04 12:0 a.m.11 views

Opera mitigates critical CPU vulnerabilities

Security Opera mitigates critical CPU vulnerabilities Share January 4th, 2018 There is a lot of uncertainty right now about the impact of the hardware security issue named Meltdown. There will be a scheduled release of Opera which will contain a first set of workarounds as soon as the browser is...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2015/06/09 12:0 a.m.11 views

Unjam the logjam

Security Unjam the logjam Share June 9th, 2015 When a browser and website communicate over a secure connection, they encrypt and decrypt the data using a shared symmetric encryption key; the same key is used for encryption and decryption. In order for the browser and server to make sure they use...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2013/12/11 12:0 a.m.11 views

Breach incident

News Breach incident Share December 11th, 2013 At Opera, we strive to be open, and we want to continue this tradition, by sharing with you what happens here. High profile companies like Opera are under continuous attack by hackers trying to break into their systems, and we want to tell you about ...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2012/12/17 12:0 a.m.11 views

Repeated attempts to access a target site can trigger address field spoofing – Opera Security Advisories

The browser address field should always show the correct address for the page that is currently being displayed. By making repeated requests to load a target site in rapid succession, an attacking web site can cause Opera to display the target sites address while the attacking page is still being...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/11/02 12:0 a.m.11 views

Cross domain access to object constructors can be used to facilitate cross-site scripting – Opera Security Advisories

JavaScripts are able to redefine and override the methods of native objects. They may also do this with the native objects of any document that shares the same origin. By redefining the methods of another document through the constructor property of the document’s host objects, a malicious script...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/11/02 12:0 a.m.11 views

CORS requests can incorrectly retrieve contents of cross origin pages – Opera Security Advisories

CORS Cross-Origin Resource Sharing allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/06/12 12:0 a.m.11 views

Cross-domain JSON resources may be exposed as JavaScript variable data – Opera Security Advisories

JSON strings are sometimes exported by sites as a resource that cannot be read cross-domain, and may contain confidential data. The format of a JSON string ensures that it cannot be read as the contents of a variable, if it is included as a normal script. In some cases, Opera does not correctly...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/03/26 12:0 a.m.11 views

Small windows can be used to trick users into executing downloads – Opera Security Advisories

When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they can end...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2010/06/19 12:0 a.m.11 views

Opera may be used as a vector for a font issue in the underlying operating system – Opera Security Advisories

Opera may be used as a vector for a font issue in the underlying operating system – Opera Security Advisories OPCOM Team | June 19, 2010 Affected versions This vulnerability may be targeted through Opera for Windows. Severity Extremely Severe Description A flaw in the font handling on the Windows...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.11 views

Feed links can link to local files

As a security precaution, Opera does not allow Web pages to link to files on the user's local disk. However, a flaw exists that allows Web pages to link to feed source files on the user's computer. Suitable detection of JavaScript events and appropriate manipulation can unreliably allow a script ...

0.9AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.11 views

Simulated text inputs can trick users into uploading arbitrary files

When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince the user that they are typing into a normal text input, and not let them see that their keystrokes are being ignored, it can cause the input to point to known file paths on the...

2.7AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.11 views

Java applets can be used to read sensitive information – Opera Security Advisories

Java applets can be used to read sensitive information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Highly Severe Problem Description Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.11 views

Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories

Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code. Opera’s Response Opera Software has...

6.2AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2008/06/09 12:0 a.m.11 views

Images can be read cross-domain with canvas

HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable...

0.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/06/09 12:0 a.m.11 views

Images can be read cross-domain with canvas – Opera Security Advisories

Images can be read cross-domain with canvas – Opera Security Advisories OPCOM Team | June 9, 2008 Severity: Less Severe Problem Description HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the...

5.6AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2007/10/16 12:0 a.m.11 views

External news readers and e-mail clients can be used to execute arbitrary code – Opera Security Advisories

External news readers and e-mail clients can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | October 16, 2007 External news readers and e-mail clients can be used to execute arbitrary code. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prio...

6.2AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2007/07/19 12:0 a.m.11 views

data: URLs can spoof trusted trusted sites – Opera Security Advisories

data: URLs can spoof trusted trusted sites – Opera Security Advisories OPCOM Team | July 19, 2007 Summary Opera displays certain data: URLs wrongly, enabling URL spoofing. Severity: Moderately severe Problem description data: URLs embed data inside them, instead of linking to an externalresource...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2007/02/09 12:0 a.m.11 views

Information displayed in the security field should be approached with caution. – Opera Security Advisories

Information displayed in the security field should be approached with caution. – Opera Security Advisories OPCOM Team | February 9, 2007 Summary Even though a Certificate Authority has verified and signed it, a usershould not trust the Organization name without checking the domain name.A fraudule...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2006/09/05 12:0 a.m.11 views

A very large href attribute value in HTML can crash Opera – Opera Security Advisories

A very large href attribute value in HTML can crash Opera – Opera Security Advisories OPCOM Team | September 5, 2006 Summary A very large href attribute value in a Web page can crash Opera. Severity: Not a security issue Problem description A Web page containing a very large href attribute value...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2006/07/05 12:0 a.m.11 views

(Updated) Specially crafted JPEG images enables the execution of arbitrary code.

A specially crafted JPEG image header can trick Opera into allocatingthe wrong amount of memory for the image. This can make Opera crash,or worse, execute code that has been placed into memory in advance...

5.3AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2026/01/28 12:0 a.m.10 views

Data Privacy Day: Inside the role of Data Protection Officer at Opera

Privacy Data Privacy Day: Inside the role of Data Protection Officer at Opera Share January 28th, 2026 Privacy matters all year round. But every January, Data Privacy Day is a great opportunity to learn more about data privacy and protection, and to highlight their importance for everyone in the...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2024/06/12 12:0 a.m.10 views

Does the TunnelVision vulnerability affect Opera’s free VPN?

Privacy Does the TunnelVision vulnerability affect Opera’s free VPN? Share June 12th, 2024 Hello! You may have heard recently about a new type of vulnerability called TunnelVision that makes it possible for a malicious actor to bypass VPN protection. So you will be happy to know that Opera’s free...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2023/12/01 12:0 a.m.10 views

Update your browser: Security fixes for latest Chrome bugs

News, Security Update your browser: Security fixes for latest Chrome bugs Share December 1st, 2023 Hi everyone! The latest patches to the Opera, Opera GX, and Opera Crypto browsers address several recent vulnerabilities, including a zero-day exploit CVE-2023-6345. We recommend updating your...

9.6CVSS7.3AI score0.1963EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2022/08/29 12:0 a.m.10 views

Opera Privacy Statement Update 2022

Privacy Opera Privacy Statement Update 2022 Share August 29th, 2022 Opera, a browser company based out of Oslo, Norway, cares deeply about user security and data protection. With that in mind, we actively work on improving our internal practices and communications with you, our users. We are maki...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2021/09/24 12:0 a.m.10 views

$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser

Research $8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser Share September 24th, 2021 Continuing from hisprevious post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera’s Private Bug Bounty Programme: a Remote Code Execution in Opera’s My Flow Feature...

8.8CVSS8AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2020/10/28 12:0 a.m.10 views

Opera Receives DevSecOps All-Star Award at SnykCon 2020

News Opera Receives DevSecOps All-Star Award at SnykCon 2020 Share October 28th, 2020 AtSnykCon 2020, Opera received the DevSecOps All-Star Award for leveraging Snyk to bring a complete and fully automated DevSecOps process into a secure software development lifecycle. Opera was represented by...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2014/05/06 12:0 a.m.10 views

Security changes in Opera 21

News Security changes in Opera 21 Share May 6th, 2014 Opera 21 for Windows and Mac is now out on the Stable channel. As with most major releases, the main focus is on the new features, which are discussed over on the Desktop Team blog. In addition, we have included a reworking of the Address fiel...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2014/04/11 12:0 a.m.10 views

Heartbleed and other heartaches

Security Heartbleed and other heartaches Share April 11th, 2014 As has been reported extensively already, OpenSSL just fixed a serious vulnerability, dubbed Heartbleed. OpenSSL is used in a variety of products used on the internet, including Opera products and servers. We want to share with you h...

8.8CVSS7.1AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2013/12/09 12:0 a.m.10 views

Certificate update

Security Certificate update Share December 9th, 2013 Last week we became aware of the existence of several unauthorized security certificates, issued in violation of rules for creation of such certificates. The certificates chained back to a French certificate authority, ANSSI, and had been signe...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
Opera Security Advisories
Opera Security Advisories
added 2013/04/04 12:0 a.m.10 views

RC4 encryption protocol is vulnerable to certain brute force attacks – Opera Security Advisories

Weaknesses in the RC4 encryption protocol have been found, allowing an attacker to deduce the plaintext. If the same message is encrypted many millions of times, statistical methods can be used to extract valuable information, such as cookies. Due to the time this amount of requests takes, this i...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2013/01/29 12:0 a.m.10 views

Use of SVG clipPaths can allow execution of arbitrary code – Opera Security Advisories

When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur...

6.1AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/11/07 12:0 a.m.10 views

Specially crafted WebP images can be used to disclose random chunks of memory – Opera Security Advisories

WebP images may be used as fill patterns in a HTML5 Canvas, and the values of each pixel in the image can then be intentionally read using scripts. Specially crafted WebP images may specify the wrong size for certain parts of their data, which causes Opera to read data from the wrong positions in...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/11/02 12:0 a.m.10 views

Internet shortcuts used for phishing in elements – Opera Security Advisories

Websites may occasionally want to display image content from untrusted sources. A phishing attack may be carried out by the untrusted source, by displaying malicious instructions on the image, or by navigating the containing page to a similar looking document on another server. Since some image...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/06/12 12:0 a.m.10 views

Carefully timed reloads, redirects, and navigation can spoof the address field – Opera Security Advisories

The address field should always show the address of the page that is being displayed. Certain types of navigation, combined with reloads and redirects to a slowly-responding target site can cause the address field to show the target site’s address, while the attacking site is still being displaye...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/03/26 12:0 a.m.10 views

History.state can leak the state data from cross domain pages – Opera Security Advisories

When a site uses history.pushState and history.replaceState to add or replace history entries, it can also provide optional data, which may typically be used to restore the given state when the user navigates through their browser history. When pages with cross-domain frames use this functionalit...

5.7AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/03/26 12:0 a.m.10 views

Overlapping content can trick users into executing downloads – Opera Security Advisories

Dialogs such as the download dialog are usually displayed on top of page content, to ensure that the user knows that the dialog is requesting attention. In some cases, this policy was not implemented correctly in Opera, allowing certain page content to overlay the dialog. In these cases, clicking...

5.8AI score
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2011/05/11 12:0 a.m.10 views

Frameset issue allows execution of arbitrary code – Opera Security Advisories

Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional techniques will have to be employed...

5.8AI score
Exploits0References1
Total number of security vulnerabilities391