391 matches found
Feed preview can reveal contents of unrelated news feeds – Opera Security Advisories
Feed preview can reveal contents of unrelated news feeds – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Platforms All desktop versions Problem Description When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to...
Fast Forward can allow cross-site scripting – Opera Security Advisories
Fast Forward can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Platforms All desktop versions Problem Description If a link that uses a JavaScript URL triggers Opera’s Fast Forward feature, when the user activates Fast Forward, the...
Java applets can be used to read sensitive information – Opera Security Advisories
Java applets can be used to read sensitive information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Highly Severe Problem Description Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it...
Specially crafted addresses can execute arbitrary code – Opera Security Advisories
Specially crafted addresses can execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, th...
The links panel can allow cross-site scripting – Opera Security Advisories
The links panel can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is...
Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories
Custom shortcuts can pass the wrong parameters to applications – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these...
Sites can change framed content on other sites – Opera Security Advisories
Sites can change framed content on other sites – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be...
Feed subscription can cause the wrong page address to be displayed – Opera Security Advisories
Feed subscription can cause the wrong page address to be displayed – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Not Severe Problem Description It has been reported that when a user subscribes to a news feed using the feed subscription button, the page address can be changed...
Feed links can link to local files – Opera Security Advisories
Feed links can link to local files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description As a security precaution, Opera does not allow Web pages to link to files on the user’s local disk. However, a flaw exists that allows Web pages to link to feed...
Insecure pages can show incorrect security information – Opera Security Advisories
Insecure pages can show incorrect security information – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Less Severe Problem Description When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure...
History Search can reveal browsing history – Opera Security Advisories
History Search can reveal browsing history – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Platforms All desktop versions Problem Description Certain constructs are not escaped correctly by Opera’s History Search results. These can be used to inject scripts in...
Representation of DOM attribute values could allow cross-site scripting – Opera Security Advisories
Representation of DOM attribute values could allow cross-site scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their...
Startup crash can allow execution of arbitrary code – Opera Security Advisories
Startup crash can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this...
Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories
Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When an application attempts to access a URL that uses a protocol that it does not understand, it may...
Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories
Malformed JPEG headers can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description A specially crafted JPEG header can cause Opera to crash, allowing execution of arbitrary code. Opera’s Response Opera Software has...
canvas functions can reveal data from random places in memory – Opera Security Advisories
canvas functions can reveal data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately severe Problem description There is a flaw in the way that certain canvas functions are handled, that can cause the canvas to be painted with very small...
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories
Simulated text inputs can trick users into uploading arbitrary files – Opera Security Advisories OPCOM Team | December 16, 2008 Severity: Moderately Severe Problem Description When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince t...
Opera security upgrade for Linux, Solaris and FreeBSD – Opera Security Advisories
Opera security upgrade for Linux, Solaris and FreeBSD – Opera Security Advisories OPCOM Team | December 16, 2008 Summary Opera 9.20 has a highly recommended security upgrade for users of the Adobe Flash Player on Linux, Solaris and FreeBSD Severity Highly critical Problem description A security...
Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories
Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause...
Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories
Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed sourc...
Image properties can be used to execute scripts – Opera Security Advisories
Image properties can be used to execute scripts – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This...
Rich editing allows cross domain scripting – Opera Security Advisories
Rich editing allows cross domain scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Problem Description Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderate Problem description Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own characte...
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories
Malformed bitmaps can reveal old data from random places in memory – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderately Severe Problem Description Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Usi...
Manipulating text input contents can allow execution of arbitrary code
Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code...
Script injection in feed preview can reveal contents of unrelated news feeds
When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive...
HTML parsing flaw can cause Opera to execute arbitrary code
Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed...
Long hostnames in file: URLs can cause execution of arbitrary code
Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it...
Built-in XSLT templates can allow cross-site scripting
Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the securi...
Script injection in feed preview can reveal contents of unrelated news feeds – Opera Security Advisories
Script injection in feed preview can reveal contents of unrelated news feeds – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which ar...
HTML parsing flaw can cause Opera to execute arbitrary code – Opera Security Advisories
HTML parsing flaw can cause Opera to execute arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Extremely Severe Problem Description Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional...
Manipulating text input contents can allow execution of arbitrary code – Opera Security Advisories
Manipulating text input contents can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Extremely Severe Problem Description Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code...
Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories
Long hostnames in file: URLs can cause execution of arbitrary code – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remot...
Built-in XSLT templates can allow cross-site scripting – Opera Security Advisories
Built-in XSLT templates can allow cross-site scripting – Opera Security Advisories OPCOM Team | December 15, 2008 Severity Highly Severe Problem Description Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untruste...
Pages held in frames are able to change the location of pages in unrelated frames on the parent page
Pages from different sources held on the same parent page should not be able to modify the locations of each other. In affected Opera versions, if a page contains frames from both a trusted but not secured, and an untrusted source, the untrusted page is able to replace the contents of a named...
Pages held in frames are able to change the location of pages in unrelated frames on the parent page – Opera Security Advisories
Pages held in frames are able to change the location of pages in unrelated frames on the parent page – Opera Security Advisories OPCOM Team | June 11, 2008 Severity: Less Severe Problem Description: Pages from different sources held on the same parent page should not be able to modify the locatio...
Certain characters can obscure the page address
When a page address contains certain characters, they can cause the page address text to be misplaced. In some cases, this could make characters be indistinguishable from each other, allowing some site addresses to look like other site addresses...
Images can be read cross-domain with canvas
HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable...
Certain characters can obscure the page address – Opera Security Advisories
Certain characters can obscure the page address – Opera Security Advisories OPCOM Team | June 9, 2008 Severity: Less Severe Problem Description When a page address contains certain characters, they can cause the page address text to be misplaced. In some cases, this could make characters be...
Images can be read cross-domain with canvas – Opera Security Advisories
Images can be read cross-domain with canvas – Opera Security Advisories OPCOM Team | June 9, 2008 Severity: Less Severe Problem Description HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the...
Opera security upgrade for Mac OS X
Opera 9.24 has a highly recommended security upgrade for users of the Adobe Flash Player 9.0.47.0 and earlier on Mac OS X. A security issue in Adobe Flash Player 9.0.47.0 and earlier running in Opera on Mac OS X has been found. Details about the vulnerability will be disclosed at a later date...
Opera security upgrade for Mac OS X – Opera Security Advisories
Opera security upgrade for Mac OS X – Opera Security Advisories OPCOM Team | October 18, 2007 Opera security upgrade for Mac OS X. Severity: Highly Severe Affected Versions Mac OS X system with the Opera Web browser and the Adobe Flash Player 9.0.47.0 and earlier installed. Problem Description...
External news readers and e-mail clients can be used to execute arbitrary code
If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code...
Scripts can overwrite functions on pages from other domains
When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site...
Scripts can overwrite functions on pages from other domains – Opera Security Advisories
Scripts can overwrite functions on pages from other domains – Opera Security Advisories OPCOM Team | October 16, 2007 Scripts can overwrite functions on pages from other domains. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prior to Opera 9.24. Problem Description...
External news readers and e-mail clients can be used to execute arbitrary code – Opera Security Advisories
External news readers and e-mail clients can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | October 16, 2007 External news readers and e-mail clients can be used to execute arbitrary code. Severity: Highly Severe Affected Versions All versions of Opera for Desktop prio...
a specially crafted JavaScript can make Opera execute arbitrary code
A virtual function call on an invalid pointer that may referencedata crafted by the attacker can be used to execute arbitrary code...
a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories
a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories OPCOM Team | August 7, 2007 A specially crafted JavaScript can make Opera execute arbitrary code. Severity: Highly severe Problem description A virtual function call on an invalid pointer that may...
Opera's HTTP authentication cuts off long server names at the end
Opera's HTTP authentication dialog is displayed when the user enters a Web pagethat requires a login name and a password. To inform the user which server itwas that asked for login credentials, the dialog displays the server name.The user has to see the entire server name. A truncated name can be...
The createPattern function can reveal old data from random places in memory
Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function thatleaves old data that was in the memory before Opera allocated itin the new pattern. The pattern can be read and analyzed byJavaScript, so an attacker can get random samples of the user'smemory, which may contain da...