389 matches found
Opera may allow scripts to access feeds
Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. This can be used for automatic subscription of feeds, or reading other feeds...
Certain domain names can allow execution of arbitrary code
Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash. Successful exploitation can lead to execution of arbitrary code...
Web fonts can be used to spoof the page address – Opera Security Advisories
In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. This can be used by a malicious site to display a false domain name in the address field...
*.com accepted as wildcard match in SSL/TLS name matching
Certificate authorities are expected to vet all certificate registrations, but may fail to prevent fraudulent or erroneous registrations. Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such...
Opera may show some incorrect characters in the address bar
Some Unicode characters are treated incorrectly, which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing...
Sites using revoked intermediate certificates might be shown as secure
Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure...
Adress bar is not always updated correctly when collapsed
The collapsed Address bar can in some cases temporarily show the previous domain instead of the domain of the present site...
Pages can trick users into uploading files
On some Linux or Unix installations, Opera would pass a dropped file to a file input, making it possible for a page to trick users to upload files without the user's knowledge...
MD2 algorithm used by security certificates is considered weak
Digital signatures made with the MD2 algorithm are used in some of the issuer certificates that Opera trusts. MD2 is now considered weak...
Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories
Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories OPCOM Team | August 29, 2009 Summary Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the...
Random number generator and input name linebreaks can be used to send custom data to other sites
Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the...
Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories
Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories OPCOM Team | June 10, 2009 Severity Moderately severe Problem description Input names can contain line breaks when data is sent using POST. Suitable use of the random numbe...
Specially crafted JPEG images can be used to execute arbitrary code
Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code...
Specially crafted JPEG images can be used to execute arbitrary code – Opera Security Advisories
Specially crafted JPEG images can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | February 25, 2009 Severity Extremely Severe Problem Description Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of...
TLS certificates can be used to execute arbitrary code
When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name in the certificate, it can cause Opera to crash. To inject code, additional means will have to be employed...
TLS certificates can be used to execute arbitrary code – Opera Security Advisories
TLS certificates can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | February 13, 2009 Severity Highly Severe Problem Description When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name ...
Certain characters can be used to allow cross-site scripting
When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot contain scripts. If the content is to be used inside an HTML attribute, characters that separate attributes need to be filtered out to prevent scripted attributes...
Certain characters can be used to allow cross-site scripting – Opera Security Advisories
Certain characters can be used to allow cross-site scripting – Opera Security Advisories OPCOM Team | December 17, 2008 Severity Highly Severe Problem Description When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot...
canvas functions can reveal data from random places in memory
There is a flaw in the way that certain canvas functions are handled, that can cause the canvas to be painted with very small amounts of data constructed from random memory. The resulting canvas image can be read and analyzed by JavaScript, so an attacker can get random samples of the user's...
A JPEG image with a malformed header can crash Opera
A specially crafted DHT marker in the JPEG file header can causea heap overflow. The malformed image alone will only cause a crash. To exploitthe flaw, the computer's memory must first be filled up withcode of the attacker's choice. This is not trivial to do reliably,so attempted attacks will oft...
Java applets can be used to read sensitive information
Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. Thes...
History Search can reveal browsing history
Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive information...
Feed links can link to local files
As a security precaution, Opera does not allow Web pages to link to files on the user's local disk. However, a flaw exists that allows Web pages to link to feed source files on the user's computer. Suitable detection of JavaScript events and appropriate manipulation can unreliably allow a script ...
The links panel can allow cross-site scripting
The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated...
Feed subscription can cause the wrong page address to be displayed
It has been reported that when a user subscribes to a news feed using the feed subscription button, the page address can be changed. This causes the address field not to update correctly. Although this can mean that that misleading information can be displayed in the address field, it can only...
Resized canvas patterns can cause Opera to execute arbitrary code
HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed...
Specially crafted addresses can execute arbitrary code
If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page...
Registering Opera as a protocol handler can allow it to be used to execute arbitrary code
When an application attempts to access a URL that uses a protocol that it does not understand, it may choose to pass the URL to a registered handler for that protocol. If that registered handler is Opera, it will be started, passing the URL to open. Some external applications do not ensure that t...
Newsfeed prompt can cause Opera to execute arbitrary code
When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed source in a way that can cause Opera to crash. The crash is caused by an erroneous memory access. To inject code, additional techniques will have to be employed...
Image properties can be used to execute scripts
Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This can cause the script to be run in the wrong security context...
Representation of DOM attribute values could allow cross-site scripting
When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their values to bypass sanitization filters. If these values are used as document content, they may in some cases allow scripts to be inserted...
Insecure pages can show incorrect security information
When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure. The padlock icon will incorrectly be shown, and the security information dialog will state that the connection is secure, but without any certificate...
Fast Forward can allow cross-site scripting
If a link that uses a JavaScript URL triggers Opera's Fast Forward feature, when the user activates Fast Forward, the script should run on the current page. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can b...
Custom shortcuts can pass the wrong parameters to applications
Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these applications are not prepared correctly, and may be created from uninitialized memory. These may be misinterpreted as additional parameters, and depending on the...
Malformed JPEG headers can be used to execute arbitrary code
A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code...
Opera security upgrade for Linux, Solaris and FreeBSD
A security issue in the Adobe Flash Player running in Opera on Linux, Solaris or FreeBSD has been found. Details about the vulnerability will be disclosed at a later date...
Simulated text inputs can trick users into uploading arbitrary files
When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince the user that they are typing into a normal text input, and not let them see that their keystrokes are being ignored, it can cause the input to point to known file paths on the...
Rich editing allows cross domain scripting
Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting...
Sites can change framed content on other sites
Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to open pages from other...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting
Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own character encoding.A malicious page that uses the UTF-7 character encoding can includeother sites, for example inside iframes. This can be exploited toperform cross-site scripting...
History Search can be used to execute arbitrary code
When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them...
Feed preview can reveal contents of unrelated news feeds
When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information...
Malformed bitmaps can reveal old data from random places in memory
Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Using canvas, the pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data...
Startup crash can allow execution of arbitrary code
When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this way can cause Opera to crash. To inject code, additional techniques will have to be employed...
Startup crash can allow execution of arbitrary code – Opera Security Advisories
Startup crash can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this...
canvas functions can reveal data from random places in memory – Opera Security Advisories
canvas functions can reveal data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately severe Problem description There is a flaw in the way that certain canvas functions are handled, that can cause the canvas to be painted with very small...
Sites can change framed content on other sites – Opera Security Advisories
Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...
Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories
Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When an application attempts to access a URL that uses a protocol that it does not understand, it may...
Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories
Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code. Opera’s Response Opera Software has...
Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories
Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed sourc...