391 matches found
Web pages can gain limited access to files on the user’s computer – Opera Security Advisories
Web pages can gain limited access to files on the user’s computer – Opera Security Advisories OPCOM Team | January 25, 2011 Severity High Description Certain types of HTTP responses and redirections can cause Opera to mistakenly give elevated privileges to remote web pages. These pages can then u...
Cross-domain checks may be bypassed, allowing limited data theft using CSS – Opera Security Advisories
Cross-domain checks may be bypassed, allowing limited data theft using CSS – Opera Security Advisories OPCOM Team | October 6, 2010 Severity Moderate Description CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to mak...
Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code – Opera Security Advisories
Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code – Opera Security Advisories OPCOM Team | September 8, 2010 Severity High Description Opera uses dynamic link libraries DLLs of its own, and several provided by the host operating system or plug-ins. In some cases,...
News feed preview can subscribe to feeds without interaction – Opera Security Advisories
News feed preview can subscribe to feeds without interaction – Opera Security Advisories OPCOM Team | August 12, 2010 Severity Low Description When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user t...
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | August 12, 2010 Severity High Description Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflow...
Double-clicking a link can unexpectedly run a program from the Internet – Opera Security Advisories
Double-clicking a link can unexpectedly run a program from the Internet – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Moderately severe Description When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to...
TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories
TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories OPCOM Team | June 29, 2010 Summary A vulnerability has been discovered in all current versions of the SSL and TLS protocols, that may allow an attacker to inject data and instructions into the HTTPS connection and tri...
Data URIs can be used to allow cross-site scripting – Opera Security Advisories
Data URIs can be used to allow cross-site scripting – Opera Security Advisories OPCOM Team | June 22, 2010 Severity Highly severe Description Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly...
Opera may be used as a vector for a font issue in the underlying operating system
A flaw in the font handling on the Windows operating system has been fixed by Microsoft. On unpatched systems, Web fonts may be used to exploit this issue through Opera...
Error messages can leak onto unrelated sites – Opera Security Advisories
Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could...
Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories
Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories OPCOM Team | August 29, 2009 Summary Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the...
TLS certificates can be used to execute arbitrary code – Opera Security Advisories
TLS certificates can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | February 13, 2009 Severity Highly Severe Problem Description When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name ...
Vulnerability in createSVGTransformFromMatrix (JavaScript, SVG) – Opera Security Advisories
Vulnerability in createSVGTransformFromMatrix JavaScript, SVG – Opera Security Advisories OPCOM Team | December 16, 2008 Summary A vulnerability in createSVGTransformFromMatrix ObjectTypecasting can crash Opera. Severity Moderate Problem description Passing an incorrect object to...
History Search can be used to execute arbitrary code – Opera Security Advisories
History Search can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When certain parameters are passed to Opera’s History Search, they can cause content not to be correctly sanitized. This can allow scripts ...
Sites can change framed content on other sites – Opera Security Advisories
Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...
Startup crash can allow execution of arbitrary code – Opera Security Advisories
Startup crash can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this...
Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories
Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When an application attempts to access a URL that uses a protocol that it does not understand, it may...
canvas functions can reveal data from random places in memory – Opera Security Advisories
canvas functions can reveal data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately severe Problem description There is a flaw in the way that certain canvas functions are handled, that can cause the canvas to be painted with very small...
Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories
Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed sourc...
Long hostnames in file: URLs can cause execution of arbitrary code
Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it...
Manipulating text input contents can allow execution of arbitrary code – Opera Security Advisories
Manipulating text input contents can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Extremely Severe Problem Description Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code...
Built-in XSLT templates can allow cross-site scripting – Opera Security Advisories
Built-in XSLT templates can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untruste...
Opera security upgrade for Mac OS X – Opera Security Advisories
Opera security upgrade for Mac OS X – Opera Security Advisories OPCOM Team | October 18, 2007 Opera security upgrade for Mac OS X. Severity: Highly Severe Affected Versions Mac OS X system with the Opera Web browser and the Adobe Flash Player 9.0.47.0 and earlier installed. Problem Description...
The link tooltip and the statusbar can be misleading – Opera Security Advisories
The link tooltip and the statusbar can be misleading – Opera Security Advisories OPCOM Team | February 17, 2006 Summary Opera’s status bar shows the “title” attribute of a form inputimage, not the form’s “action” URL. This may mislead the user. Severity: Very low Problem description It is possibl...
Double-clicking a link can run a program from the Internet – Opera Security Advisories
Double-clicking a link can run a program from the Internet – Opera Security Advisories OPCOM Team | December 19, 2005 Summary If a user double-clicks a Web link leading to a program,that program can be run. The second click may go intothe “Open” button of the file download dialog. Severity:...
A very long title in a web page can cause a crash on startup – Opera Security Advisories
A very long title in a web page can cause a crash on startup – Opera Security Advisories OPCOM Team | December 12, 2005 Summary A web page with an extremely long attribute can causeOpera to crash when certain conditions are met. It affectsWindows users with Input Method Editor IME installed...
Opera may execute command line embedded in URLs – Opera Security Advisories
Opera may execute command line embedded in URLs – Opera Security Advisories OPCOM Team | November 23, 2005 Summary Opera will execute command lines embedded in the URL when anotherprogram uses Opera to open a link. This affects UNIX versions ofOpera Linux/FreeBSD/Solaris. Severity: High Problem...
Combinations of right-to-left text and negative margins can crash Opera – Opera Security Advisories
Combinations of right-to-left text and negative margins can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary Combinations of right-to-left text and negative marginsin HTML code can crash Opera. Severity: Not a security issue. Problem description Right-to-left scripts...
Protected with Opera Neon: Understanding agentic browser security
Security Protected with Opera Neon: Understanding agentic browser security Share October 21st, 2025 Hi Opera users, If you were hanging out around these parts in the past few weeks, you might have noticed that we launched Opera Neon – an AI agentic browser that can browse with you or for you, tak...
VPNs explained: How a VPN helps keep your online life private
Privacy, Security VPNs explained: How a VPN helps keep your online life private Share July 1st, 2025 Today, we spend more than half our lives online. So it’s only natural that we worry a lot more about online safety and privacy. VPNs are just one of the tools many internet users already rely on t...
Update your browser: Security fixes for latest Chrome zero-day
News, Security Update your browser: Security fixes for latest Chrome zero-day Share June 5th, 2025 Hi everyone! The latest patches to the Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-5419. We recommend updating you...
Update your browser: Security fixes for latest Chrome zero-day
News, Security Update your browser: Security fixes for latest Chrome zero-day Share August 23rd, 2024 Hi everyone! The latest patches to the Opera and Opera GX address several recent vulnerabilities, including a zero-day exploit CVE-2024-7971. We recommend updating your browsers to the latest...
How your Opera browser keeps you safe from spyware and other cyber threats
Privacy, Security How your Opera browser keeps you safe from spyware and other cyber threats Share August 11th, 2023 Hi everyone! In our digital age, your online security is often under threat. From phishing scams to spyware and direct hacking attempts, your personal data is often in the crosshai...
Update your browser: Security fixes for latest Chrome bugs
News, Security Update your browser: Security fixes for latest Chrome bugs Share August 10th, 2023 Hi everyone! Opera, Opera GX, and Opera Crypto Browser have received important updates addressing a number of vulnerabilities and bugs. Among those are the following important vulnerabilities detecte...
Opera’s Security team at Barcelona Cybersecurity Congress 2023
Security Opera’s Security team at Barcelona Cybersecurity Congress 2023 Share February 9th, 2023 Hello readers! If you follow our Security team’s Twitter account it’s here, by the way!, you’ll have noticed we were busy last week meeting cybersecurity enthusiasts and professionals at this year’s...
It’s Data Privacy Day: Here’s how to protect your data and become your own privacy champion
News, Security It’s Data Privacy Day: Here’s how to protect your data and become your own privacy champion Share January 27th, 2023 Hello readers! January 28 is Data Privacy Day – an annual celebration of all things data protection and online privacy! It’s an opportunity for businesses and users ...
Safe Browsing now on Opera for Android
Security Safe Browsing now on Opera for Android Share November 11th, 2022 Hi Android users! We’re happy to share that Opera for Android 72 now features Safe Browsing to keep you even safer when browsing or shopping online on your Android device. Safe Browsing protects your online experience by...
Opera’s Free Browser VPN Completes Independent Security Audit by Cure53
News Opera’s Free Browser VPN Completes Independent Security Audit by Cure53 Share March 30th, 2022 Today we’re happy to announce the completion of an independent security audit of Opera’s free built-in browser VPN. Opera’s free, no-log, built-in browser VPN was originally launched as part of the...
Opera Browser for Android
Research Opera Browser for Android Share May 21st, 2021 In this episode of theOpera Bug Bounty series, we introduce Opera for Android, our main product for the Android platform. What is Opera for Android Opera for Android is a Chromium-based browser that prides itself on a user-friendly and good...
Can a browser extension be cursed?
Privacy Can a browser extension be cursed? Share December 4th, 2020 Mallory tries to create a browser extension that will let him spy on Alice. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem Mallory was quite tired of his failed attempts to melt Alice’s heart. She...
What is the TLS padlock saying?
Security What is the TLS padlock saying? Share November 20th, 2020 Alice and Bob use TLS to keep their long distance relationship hot and private. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem Alice and Bob had to turn their relationship into a long distance one...
Flow is seamless and secure – security features explained
Security Flow is seamless and secure – security features explained Share August 28th, 2018 Some of you may already be familiar with Flow, the new feature that allows you to quickly and seamlessly share images, links and videos between your Opera browser for computers and your Opera Touch mobile...
Possibly Tricking Users – The Perils of Drag n Drop Decadence
Security Possibly Tricking Users – The Perils of Drag n Drop Decadence Share May 12th, 2014 In the recent Opera 21 Stable release, we fixed a number of bugs relating to the address field. Normally, we would not want to give away too much about a security issue, as it would give a potential attack...
Security changes in Opera 20 update
Security Security changes in Opera 20 update Share March 13th, 2014 We have just released a silent update of Opera 20, you would most likely not even have noticed. From a security perspective, we have made two interesting changes in this update. The first one regards what we call the badge, the...
Cookies can be set for a top-level domain – Opera Security Advisories
Browsers should only allow cookies to be set for the website that created them. In some specific cases, Opera does not apply this restriction correctly, and allows a website to set a cookie for its entire top-level domain such as .com or .co.uk. A malicious site could then redirect the user to...
DOM events manipulation might be used to execute arbitrary code – Opera Security Advisories
DOM events manipulation might be used to execute arbitrary code – Opera Security Advisories OPCOM Team | January 29, 2013 Severity: High Description: Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code...
Private data can be disclosed to other computer users, or be modified by them – Opera Security Advisories
Private data such as cache, password files, and Opera’s configuration files are supposed to be visible only to the user who owns the Opera profile. Opera does not set the profile folder permissions correctly, allowing other computer users to read the sensitive contents of profile files. In some...
HTTP response heap buffer overflow can allow execution of arbitrary code – Opera Security Advisories
When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruptio...
Certificate revocation service failure may cause Opera to show an unverified site as secure – Opera Security Advisories
When accessing secure websites, Opera checks with a number of services to check if the website’s security certificate has been revoked. Normally, if Opera cannot check revocation status, it will not present the site as secure. In some cases, a failure in one of these services can cause Opera not ...
Certain characters in HTML can incorrectly be ignored, which can facilitate XSS attacks – Opera Security Advisories
Sites that allow content to be provided by untrusted users, such as forums and blogging sites, typically sanitize the untrusted content to ensure that it does not contain any harmful content, such as malicious scripts. When certain characters appear at specific locations within HTML markup, they...