Opera Web Browser Security Vulnerabilities and Issues — Opera Web Browser CVE List

Lucene search

Opera SoftwareOpera Web Browser

13 matches found

CVE•added 2005/02/08 5:0 a.m.•71 views

CVE-2005-0233

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which ...

7.5CVSS6.2AI score0.08584EPSS

CVE•added 2002/05/29 4:0 a.m.•53 views

CVE-2002-0270

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web ap...

4.3CVSS6.8AI score0.00281EPSS

CVE•added 2007/10/26 7:0 p.m.•41 views

CVE-2002-2311

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the...

6.4CVSS7.2AI score0.2266EPSS

CVE•added 2004/09/01 4:0 a.m.•40 views

CVE-2002-1091

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

7.5CVSS7.6AI score0.04513EPSS

CVE•added 2002/02/02 5:0 a.m.•38 views

CVE-2001-0898

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.

5CVSS6.8AI score0.03917EPSS

CVE•added 2007/10/26 7:0 p.m.•34 views

CVE-2002-2332

Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

5CVSS7.3AI score0.00583EPSS

CVE•added 2007/10/29 7:0 p.m.•34 views

CVE-2002-2358

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

4.3CVSS6AI score0.00346EPSS

CVE•added 2005/06/21 4:0 a.m.•31 views

CVE-2001-1491

Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

5CVSS7AI score0.04721EPSS

CVE•added 2002/08/12 4:0 a.m.•29 views

CVE-2002-0783

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.

7.5CVSS7.7AI score0.07681EPSS

CVE•added 2002/05/03 4:0 a.m.•28 views

CVE-2001-1245

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

5CVSS7.2AI score0.01099EPSS

CVE•added 2003/04/02 5:0 a.m.•27 views

CVE-2002-0898

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

5CVSS7.1AI score0.04709EPSS

CVE•added 2001/09/12 4:0 a.m.•25 views

CVE-1999-1283

Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag.

5CVSS7.4AI score0.00655EPSS

CVE•added 2002/05/29 4:0 a.m.•24 views

CVE-2002-0243

Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

7.5CVSS7.1AI score0.00636EPSS