Cross-domain checks may be bypassed, allowing limited data theft using CSS
CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to make Opera incorrectly treat remote CSS files as if they were CSS files from the document-origin server, allowing the interpreted parts of a remote file to be read b...
Manipulating the window can be used to spoof the page address
Web page scripts can be used to alter the size of the browser window. In some cases, this manipulation can cause the wrong part of the Web page address to be displayed in the Address Bar, so that the part that is initially visible to the user is not the start of the address, and may contain conte...
Reloads and redirects can allow spoofing and cross site scripting – Opera Security Advisories
OPCOM Team | October 6, 2010. Severity: Critical. Description: Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context...
Private video streams can be intercepted
Video content may be used as filler content for an HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the content of the canvas can be safely read out by scripts. In some cases, Opera does not check the video's origin correctly, and may...
Manipulating the window can be used to spoof the page address – Opera Security Advisories
OPCOM Team | October 6, 2010. Severity: Low. Description: Web page scripts can be used to alter the size of the browser window. In some cases, this manipulation can cause the wrong part of the Web page address t...
Private video streams can be intercepted – Opera Security Advisories
OPCOM Team | October 6, 2010. Severity: Moderate. Description: Video content may be used as filler content for an HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the...
Reloads and redirects can allow spoofing and cross site scripting
Scripts on a page are supposed to be restricted so that they can only interact with other pages from the same domain and security context. Carefully timed reloads and redirects, when combined with appropriate caching, can cause scripts to execute in the wrong security context in Opera. This allow...
Cross-domain checks may be bypassed, allowing limited data theft using CSS – Opera Security Advisories
OPCOM Team | October 6, 2010. Severity: Moderate. Description: CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to mak...
Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code
Opera uses dynamic link libraries (DLLs) of its own, and several provided by the host operating system or plug-ins. In some cases, Opera searches for these DLLs in the same location as a resource that is being loaded, and if a malicious DLL is located, it will load that as if it were a trusted DLL...
Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code – Opera Security Advisories
OPCOM Team | September 8, 2010. Severity: High. Description: Opera uses dynamic link libraries (DLLs) of its own, and several provided by the host operating system or plug-ins. In some cases,...
Unexpected changes in tab focus can be used to run programs from the Internet
Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causin...
News feed preview can subscribe to feeds without interaction
When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent...
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories
OPCOM Team | August 12, 2010. Severity: High. Description: Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflow...
Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code
Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code,...
Unexpected changes in tab focus can be used to run programs from the Internet – Opera Security Advisories
OPCOM Team | August 12, 2010. Severity: Moderate. Description: Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run...
News feed preview can subscribe to feeds without interaction – Opera Security Advisories
OPCOM Team | August 12, 2010. Severity: Low. Description: When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user t...
File inputs can disclose the path to selected files
When a file is selected in a file upload input, the path to that file is not exposed through the input's value property. This is done to protect any sensitive information which may be contained in the directory names. When manipulated by DOM this information should also not be exposed. Certain DO...
Unrestricted File I/O can be used by Widgets to execute arbitrary code – Opera Security Advisories
OPCOM Team | June 29, 2010. Severity: Highly severe. Description: Widgets may use File I/O to create, read, modify, or delete files, with the user’s permission. When using this functionality, Opera shou...
Double-clicking a link can unexpectedly run a program from the Internet – Opera Security Advisories
OPCOM Team | June 29, 2010. Severity: Moderately severe. Description: When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to...
TLS protocol vulnerable to Man In The Middle attack
A vulnerability has been discovered in all current versions of the SSL and TLS protocols that may allow an attacker to inject data and instructions into the HTTPS connection and trick the server into believing the data and instructions came from the client. The attacker accomplishes this by first...
Users can be tricked into uploading unexpected files
Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If the user can be convinced to focus a file input and paste the contents of the clipboard, the file can then be immediately uploaded without...
TLS protocol vulnerable to Man In The Middle attack – Opera Security Advisories
OPCOM Team | June 29, 2010. Summary: A vulnerability has been discovered in all current versions of the SSL and TLS protocols, that may allow an attacker to inject data and instructions into the HTTPS connection and tri...
Certain characters may be used for domain name spoofing – Opera Security Advisories
OPCOM Team | June 29, 2010. Severity: Moderately severe. Description: Opera uses several approaches to prevent spoofing of internationalized domain names (IDN) with characters that look similar to each other. With...
Widget properties exposed to third party domains – Opera Security Advisories
OPCOM Team | June 29, 2010. Severity: Moderately severe. Description: In some cases, widget properties could be exposed to third party domains, leading to the possibility of leak of widget information, or configuration optio...
Users can be tricked into uploading unexpected files – Opera Security Advisories
OPCOM Team | June 29, 2010. Severity: Less severe. Description: Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If th...
Widget properties exposed to third party domains
In some cases, widget properties could be exposed to third party domains, leading to the possibility of leak of widget information, or configuration options for the widget...
Certain characters may be used for domain name spoofing
Opera uses several approaches to prevent spoofing of internationalized domain names (IDN) with characters that look similar to each other. With untrusted top-level domains, Opera prevents certain combinations of characters from being used in the same part of a domain name as each other, and should...
Double-clicking a link can unexpectedly run a program from the Internet
When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to download it. The dialog will allow the user to choose to run the executable directly. If the user accidentally double clicks, the second click will activate whatever i...
Unrestricted File I/O can be used by Widgets to execute arbitrary code
Widgets may use File I/O to create, read, modify, or delete files, with the user's permission. When using this functionality, Opera should request permission from the user, and ask for a location to use for the files that will be manipulated. In some cases, Opera fails to ask for permission, and...
File inputs can disclose the path to selected files – Opera Security Advisories
OPCOM Team | June 29, 2010. Severity: Less severe. Description: When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...
Data URIs can be used to allow cross-site scripting – Opera Security Advisories
OPCOM Team | June 22, 2010. Severity: Highly severe. Description: Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly...
Data URIs can be used to allow cross-site scripting
Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be...
Opera may be used as a vector for a font issue in the underlying operating system
A flaw in the font handling on the Windows operating system has been fixed by Microsoft. On unpatched systems, Web fonts may be used to exploit this issue through Opera...
Opera may be used as a vector for a font issue in the underlying operating system – Opera Security Advisories
OPCOM Team | June 19, 2010. Affected versions: This vulnerability may be targeted through Opera for Windows. Severity: Extremely Severe. Description: A flaw in the font handling on the Windows...
Multiple asynchronous document modifications can be used to execute arbitrary code
Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed...
Multiple asynchronous document modifications can be used to execute arbitrary code – Opera Security Advisories
OPCOM Team | April 28, 2010. Affected versions: This vulnerability affects Opera for Windows and Mac. Severity: Extremely Severe. Description: Multiple asynchronous calls to a script that...
XSLT can be used to retrieve random contents of unrelated documents – Opera Security Advisories
OPCOM Team | March 18, 2010. Affected versions: This vulnerability affects Opera 10.50. Severity: Highly severe. Description: XSLT is normally subject to strict controls, preventing documents from separate...
XSLT can be used to retrieve random contents of unrelated documents
XSLT is normally subject to strict controls, preventing documents from separate Web sites from reading the contents of other sites. Certain XSLT constructs can cause Opera to retrieve the wrong contents for the resulting document. These contents will appear randomly from the cached versions of an...
HTTP Content-Length header can be used to execute arbitrary code – Opera Security Advisories
OPCOM Team | March 17, 2010. Affected versions: This vulnerability affects Opera for Microsoft Windows. Severity: Highly Severe. Description: Large values in the HTTP Content-Length header can cause Opera to...
HTTP Content-Length header can be used to execute arbitrary code
Large values in the HTTP Content-Length header can cause Opera to crash. Certain specific values can cause a memory corruption, which in some cases can allow arbitrary code to be injected and executed. In most cases Opera will just crash. To inject code, additional techniques will have to be...
Cross-domain data theft with CSS load – Opera Security Advisories
OPCOM Team | January 11, 2010. Summary: CSS can be loaded cross-domain, and in some cases it is possible to read the data pointed to, leading to the possibility of cross-domain data theft. Severity: Moderate. Opera’s response: Opera...
Cross-domain data theft with CSS load
CSS can be loaded cross-domain, and in some cases it is possible to read the data pointed to, leading to the possibility of cross-domain data theft...
Error messages can leak onto unrelated sites
Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could...
Heap buffer overflow in string to number conversion – Opera Security Advisories
Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash...
Heap buffer overflow in string to number conversion
Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash...
Error messages can leak onto unrelated sites – Opera Security Advisories
Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could...
Opera may allow scripts to access feeds
Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. This can be used for automatic subscription of feeds, or reading other feeds...
Web fonts can be used to spoof the page address
In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. This can be used by a malicious site to display a false domain name in the address field...
Certain domain names can allow execution of arbitrary code
Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash. Successful exploitation can lead to execution of arbitrary code...
Web fonts can be used to spoof the page address – Opera Security Advisories
In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. This can be used by a malicious site to display a false domain name in the address field...