388 matches found
Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories
Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause...
Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories
Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these...
History Search can be used to execute arbitrary code – Opera Security Advisories
History Search can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When certain parameters are passed to Opera’s History Search, they can cause content not to be correctly sanitized. This can allow scripts ...
Sites can change framed content on other sites – Opera Security Advisories
Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...
Feed preview can reveal contents of unrelated news feeds – Opera Security Advisories
Feed preview can reveal contents of unrelated news feeds – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Platforms All desktop versions Problem Description When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to...
History Search can reveal browsing history – Opera Security Advisories
History Search can reveal browsing history – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Platforms All desktop versions Problem Description Certain constructs are not escaped correctly by Opera’s History Search results. These can be used to inject scripts in...
Representation of DOM attribute values could allow cross-site scripting – Opera Security Advisories
Representation of DOM attribute values could allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderate Problem description Pages displayed inside an iframe will inherit the character encoding of the parent page, unless they specify their own characte...
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Usi...
Images can be read cross-domain with canvas – Opera Security Advisories
Images can be read cross-domain with canvas – Opera Security Advisories OPCOM Team | June 9, 2008 Severity: Less Severe Problem Description HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the...
Opera security upgrade for Mac OS X – Opera Security Advisories
Opera security upgrade for Mac OS X – Opera Security Advisories OPCOM Team | October 18, 2007 Opera security upgrade for Mac OS X. Severity: Highly Severe Affected Versions Mac OS X system with the Opera Web browser and the Adobe Flash Player 9.0.47.0 and earlier installed. Problem Description...
The createPattern function can reveal old data from random places in memory – Opera Security Advisories
The createPattern function can reveal old data from random places in memory – Opera Security Advisories OPCOM Team | July 19, 2007 Summary The createPattern function can reveal old data from random places in memory Severity: moderately severe Problem description Opera for Linux, FreeBSD, and...
data: URLs can spoof trusted sites – Opera Security Advisories
data: URLs can spoof trusted sites – Opera Security Advisories OPCOM Team | July 19, 2007 Summary Opera displays certain data: URLs wrongly, enabling URL spoofing. Severity: Moderately severe Problem description data: URLs embed data inside them, instead of linking to an external resource...
Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories
Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories OPCOM Team | February 9, 2007 Opera is not vulnerable to the JPEG processing vulnerability in Microsoft’s GDI+ library. Details: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPE...
Specially crafted Java applets can crash Opera – Opera Security Advisories
Specially crafted Java applets can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable Problem description Java code using LiveConnect methods to remove a property of a JavaScript object...
Internationalized domain names (IDN) can be used for spoofing. – Opera Security Advisories
Internationalized domain names (IDN) can be used for spoofing. – Opera Security Advisories OPCOM Team | February 25, 2005 Summary Opera supports internationalized domain names (IDN), which allows for example Russian or Chinese domain names to be written in their own native scripts. However, this also...
Thanks to the researchers 2018
News Thanks to the researchers 2018 February 13th, 2018 Every year, researchers offer us their assistance to help enhance the security of our websites. We would like to thank those who discovered and reported security issues in 2018. EDIT: The list of researchers was moved to our new site,t...
Thanks to the researchers 2015
Research Thanks to the researchers 2015 January 16th, 2015 At Opera Software, we run a large number of websites for our products and services, and we like to give credit to the researchers and website testers who offer their assistance to help us tighten the security of those websites. We...
Security changes and features of Opera 19
Security Security changes and features of Opera 19 January 31st, 2014 Opera 19 has now been put through its paces on the Developer and Next channels, and is now out on the Stable channel. Opera 19 for Android has also recently been released. New features As with every release, each new featu...
TLS response timings can indicate network contents – Opera Security Advisories
When Opera receives incorrectly encrypted network data, Opera will detect this, and let the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network can, by replacing network data, measure...
Malformed GIF images could allow execution of arbitrary code – Opera Security Advisories
When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a...
HTTP response heap buffer overflow can allow execution of arbitrary code – Opera Security Advisories
When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruptio...
Certain URL constructs can allow arbitrary code execution – Opera Security Advisories
Certain page address URL constructs can cause Opera to allocate the wrong amount of memory for storing the address. When it then attempts to store the address, it will overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code...
Plug-in content may monitor keystrokes on unrelated pages – Opera Security Advisories
Plug-ins may use operating system features to detect key presses when the plug-in is focused. If the plug-in does not detect its own focused state correctly, it can detect key presses when other pages are focused, allowing the plug-in content to detect key presses intended for pages from other...
Pages can prevent navigation to a target page, spoofing the address field – Opera Security Advisories
When a user types a new URL for the browser to load, the currently active page may detect when the new page is about to load and prevent the navigation, while still leaving the new URL displayed in the address bar. This can then be used to spoof the URL of the target page. The malicious page woul...
HTTP header leakage when using Opera Turbo – Opera Security Advisories
HTTP header leakage when using Opera Turbo – Opera Security Advisories OPCOM Team | February 11, 2011 Severity High Description When using Opera Turbo, pages are requested by the Opera Turbo servers, sending the relevant HTTP headers for that request. In some cases, the headers are incorrectly...
WAP form content can be leaked to other sites – Opera Security Advisories
When accepting user input in form fields on a WAP page, WML requires that the input contents are remembered, and used to populate every further input sharing the same name. This should continue as long as the user continues to click links known as a WAP session, even populating similarly named...
Reloads and redirects can allow spoofing and cross site scripting – Opera Security Advisories
Reloads and redirects can allow spoofing and cross site scripting – Opera Security Advisories OPCOM Team | October 6, 2010 Severity Critical Description Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context...
TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories
TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories OPCOM Team | June 29, 2010 Summary A vulnerability has been discovered in all current versions of the SSL and TLS protocols, that may allow an attacker to inject data and instructions into the HTTPS connection and tri...
Certain characters may be used for domain name spoofing – Opera Security Advisories
Certain characters may be used for domain name spoofing – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Moderately severe Description Opera uses several approaches to prevent spoofing of internationalized domain names (IDN) with characters that look similar to each other. With...
Heap buffer overflow in string to number conversion – Opera Security Advisories
Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash...
Certain characters can be used to allow cross-site scripting – Opera Security Advisories
Certain characters can be used to allow cross-site scripting – Opera Security Advisories OPCOM Team | December 17, 2008 Severity Highly Severe Problem Description When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot...
The links panel can allow cross-site scripting – Opera Security Advisories
The links panel can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is...
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Moderately Severe Problem Description When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince t...
Vulnerability in Opera’s use of kfmclient – Opera Security Advisories
Vulnerability in Opera’s use of kfmclient – Opera Security Advisories OPCOM Team | February 9, 2007 Severity: Moderate Since version 7.50, Opera for Linux has offered the user a new way to open files which Opera cannot open itself: “Open with kfmclient”. This feature can be exploited to run malicio...
Opera security advisory 2004-12-10 – Opera Security Advisories
Opera security advisory 2004-12-10 – Opera Security Advisories OPCOM Team | February 9, 2007 Opera security advisory Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog...
Data URLs with executables and misleading download dialog – Opera Security Advisories
Data URLs with executables and misleading download dialog – Opera Security Advisories OPCOM Team | February 9, 2007 Severity: Moderate Summary A data URL (RFC 2397) containing an executable file may cause Opera to mislead the user. Opera’s download dialog will in some cases say “Open with NOTEPAD.EXE...
Very large link addresses can cause Opera to crash – Opera Security Advisories
Very large link addresses can cause Opera to crash – Opera Security Advisories OPCOM Team | October 17, 2006 Summary: Very large link addresses can cause Opera to crash. Severity: Moderate Problem description An extremely long link address can cause Opera to crash. A specially crafted long link...