391 matches found
Web page content can display misleading security information – Opera Security Advisories
Dialogs such as the security information dialog and download dialog are displayed over the top of the webpage content. In some cases, webpage content will be incorrectly displayed on top of the dialogs, or over parts of the dialogs. This content can then display misleading security information,...
Manipulating the window can be used to spoof the page address – Opera Security Advisories
Manipulating the window can be used to spoof the page address – Opera Security Advisories OPCOM Team | October 6, 2010 Severity Low Description Web page scripts can be used to alter the size of the browser window. In some cases, this manipulation can cause the wrong part of the Web page address t...
A JPEG image with a malformed header can crash Opera – Opera Security Advisories
A JPEG image with a malformed header can crash Opera – Opera Security Advisories OPCOM Team | December 16, 2008 Summary A JPEG image with a malformed header can crash Opera, and causearbitrary code to be run. Severity Moderate Problem description A specially crafted DHT marker in the JPEG file...
Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories
Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these...
Feed links can link to local files – Opera Security Advisories
Feed links can link to local files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description As a security precaution, Opera does not allow Web pages to link to files on the user’s local disk. However, a flaw exists that allows Web pages to link to feed...
Insecure pages can show incorrect security information – Opera Security Advisories
Insecure pages can show incorrect security information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderate Problem description Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own characte...
The createPattern function can reveal old data from random places in memory – Opera Security Advisories
The createPattern function can reveal old data from random places in memory – Opera Security Advisories OPCOM Team | July 19, 2007 Summary The createPattern function can reveal old data from random places in memory Severity: moderately severe Problem description Opera for Linux, FreeBSD, and...
Vulnerability in Opera’s use of kfmclient – Opera Security Advisories
Vulnerability in Opera’s use of kfmclient – Opera Security Advisories OPCOM Team | February 9, 2007 Severity: Moderate Since version 7.50, Opera for Linux has offered theuser a new way to open files which Opera can not openitself: “Open with kfmclient”. This feature can beexploited to run malicio...
Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories
Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories OPCOM Team | February 9, 2007 Opera is not vulnerable to the JPEG processing vulnerability in Microsoft’s GDI+ library. Details: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPE...
Specially crafted Java applets can crash Opera – Opera Security Advisories
Specially crafted Java applets can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable Problem description Java code using LiveConnect methods to remove a property of aJavaScript object...
Internationalized domain names (IDN) can be used for spoofing. – Opera Security Advisories
Internationalized domain names IDN can be used for spoofing. – Opera Security Advisories OPCOM Team | February 25, 2005 Summary Opera supports internationalized domain names IDN, which allowsfor example Russian or Chinese domain names to be written in theirown native scripts. However, this also...
Here’s how Opera’s Paste Protect guards you natively against clipboard attacks
News, Security Here’s how Opera’s Paste Protect guards you natively against clipboard attacks Share July 2nd, 2026 At Opera, user security is a top priority. That’s why today, we are excited to announce that Opera is the first browser to introduce Paste Protect: a native defense measure against...
Fuzzing HTTP Proxies: Squid, Part 2
Research Fuzzing HTTP Proxies: Squid, Part 2 Share October 1st, 2021 Security is important to us, here at Opera. That’s why, apart from making our browsers safer, we also want to make the Web a bit safer. One of those ways is helping other developers find and fix vulnerabilities in their products...
Making browsing safe from phishing
Privacy, Security Making browsing safe from phishing Share January 7th, 2021 Mallory tries to create a phishing site to lure Alice into revealing her secrets. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem In the previous episode, Mallory was thinking about...
Opera 12 and Opera Mail security update
Security Opera 12 and Opera Mail security update Share February 16th, 2016 We realize that those of you on old operating systems like Windows XP SP1 and older are left without much choice beyond using our Presto-based browser. With security standards on the web changing so much we didn’t want to...
Misissued certificates
Security Misissued certificates Share October 29th, 2015 Recently, Google found a google.com pre-certificate in a CT log, without having ordered one. This lead to a series of incidents, also involving Opera and its security team. The backstory Google promptly contacted Symantec who had issued the...
Optimizing encrypted video
Security Optimizing encrypted video Share February 25th, 2015 You might have seen our press release that Opera’s Rocket Optimizer can now optimize encrypted video streams. The attentive reader will already have halted and said, “wait, what?”. In this blog post, we’ll explain how this works. Rocke...
Security changes in Opera 23
News Security changes in Opera 23 Share August 19th, 2014 Opera 23 has been out on the stable channel for a while, and we have just released a few silent security updates as well. The first was a regular Opera security fix, the second was to take in a security patch in advance of the regular...
New home for the Security Group blog
News New home for the Security Group blog Share October 31st, 2013 Welcome to the new home of the Opera Security Group. We have changed our blogging platform. For more more information regarding the switch, please see this post. If you received this blog post in your feed reader, you do not need ...
TLS response timings can indicate network contents – Opera Security Advisories
When Opera receives incorrectly encrypted network data, Opera will detect this, and let the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network, can by replacing network data measure...
Carefully timed redirects can allow cross site scripting – Opera Security Advisories
Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context. Carefully timed redirects can cause scripts to execute in the wrong security context in Opera. This allows cross site scripting XSS...
Pages can prevent navigation to a target page, spoofing the address field – Opera Security Advisories
When a user types a new URL for the browser to load, the currently active page may detect when the new page is about to load and prevent the navigation, while still leaving the new URL displayed in the address bar. This can then be used to spoof the URL of the target page. The malicious page woul...
Printing issue can allow data leaks to other system users, or allow them to corrupt data – Opera Security Advisories
When pages are printed by Opera, a temporary file is created, which contains the document to print. This document is not created with the correct permissions, allowing other users of the system to read its contents. When printed with certain popular printing frameworks, an additional temporary fi...
Issue with error pages can cause a system crash – Opera Security Advisories
When attempting to resolve a URL which cannot be interpreted as a legal URL, Opera will create an error page to display to the user when they load it. If enough invalid URLs can be created, Opera can use up all available disk space with these error pages, causing the browser or operating system t...
HTTP header leakage when using Opera Turbo – Opera Security Advisories
HTTP header leakage when using Opera Turbo – Opera Security Advisories OPCOM Team | February 11, 2011 Severity High Description When using Opera Turbo, pages are requested by the Opera Turbo servers, sending the relevant HTTP headers for that request. In some cases, the headers are incorrectly...
Clickjacking attacks may be carried out against internal opera: URLs – Opera Security Advisories
Clickjacking attacks may be carried out against internal opera: URLs – Opera Security Advisories OPCOM Team | January 25, 2011 Severity High Description Internal opera: URLs which may be used to modify the Opera configuration have some intentional restrictions that are designed to mitigate possib...
JavaScript might run in the wrong context if loaded from error page – Opera Security Advisories
JavaScript might run in the wrong context if loaded from error page – Opera Security Advisories OPCOM Team | October 11, 2010 Severity Moderate Description If Opera is sent to an invalid URL, an error page will be displayed along with a link to the URL. The URL linked to might run scripts, and in...
Certain characters may be used for domain name spoofing – Opera Security Advisories
Certain characters may be used for domain name spoofing – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Moderately severe Description Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With...
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Moderately Severe Problem Description When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince t...
Opera Privacy Statement Update 2019
Privacy Opera Privacy Statement Update 2019 Share February 7th, 2019 This is an outdated article. Please read Opera Privacy Statement Update 2022 instead. We have recently updated our end-user license agreements and our terms of service have been updated as well. We are also about to update our...
Opera installer mistakenly marked as malicious
Security Opera installer mistakenly marked as malicious Share February 22nd, 2017 During the past few days some of our users have contacted us raising the concern that the Qihoo 360 Total Security anti-virus software has been labelling the Opera installer executable for Windows as some form of...
Thanks to the researchers 2015
Research Thanks to the researchers 2015 Share January 16th, 2015 At Opera Software, we run a large number of websites for our products and services, and we like to give credit to the researchers and website testers who offer their assistance to help us tighten the security of those websites. We...
Security changes and features of Opera 19
Security Security changes and features of Opera 19 Share January 31st, 2014 Opera 19 is now been put through its paces on the Developer and Next channels, and is now out on the Stable channel. Opera 19 for Android has also recently been released. New features As with every release, each new featu...
WAP form content can be leaked to other sites – Opera Security Advisories
When accepting user input in form fields on a WAP page, WML requires that the input contents are remembered, and used to populate every further input sharing the same name. This should continue as long as the user continues to click links known as a WAP session, even populating similarly named...
Opera security advisory 2004-12-10 – Opera Security Advisories
Opera security advisory 2004-12-10 – Opera Security Advisories OPCOM Team | February 9, 2007 Opera security advisory Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog...
Security fix: Addressing a GX mods vulnerability
News, Security Security fix: Addressing a GX mods vulnerability Share July 3rd, 2026 Hi Opera users, Recently, an independent security researcher responsibly disclosed a vulnerability in Opera GX. The vulnerability, which has since been patched, took advantage of our mods functionality. After...
Thanks to the researchers 2018
News Thanks to the researchers 2018 Share February 13th, 2018 Every year, researchers offer us their assistance to help enhance the security of our websites. We would like to thank those who discovered and reported security issues in 2018. EDIT: The list of researchers was moved to our new site,t...
Heap buffer overflow in string to number conversion – Opera Security Advisories
Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash...
Certain characters can be used to allow cross-site scripting – Opera Security Advisories
Certain characters can be used to allow cross-site scripting – Opera Security Advisories OPCOM Team | December 17, 2008 Severity Highly Severe Problem Description When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot...
The links panel can allow cross-site scripting – Opera Security Advisories
The links panel can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is...