282 matches found
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2011-3389
CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...
CVE-2018-18913
Opera before 57.0.3098.106 is affected by a DLL Search Order Hijacking vulnerability (CVE-2018-18913). An attacker can craft a ZIP containing an HTML page and a malicious DLL; when the document is opened, Opera searches for shcore.dll and dcomp.dll in the system directory, enabling the attacker t...
CVE-2016-7153
CVE-2016-7153 describes a vulnerability in the HTTP/2 protocol where the TCP congestion window is not considered when determining content length, potentially enabling an attacker to obtain cleartext data by leveraging a web browser configuration that sends third‑party cookies (HEIST). The connect...
CVE-2012-1926
CVE-2012-1926 affects the Opera web browser prior to 11.62. The issue arises when using the History API (history.pushState/history.replaceState) in conjunction with cross-domain frames, bypassing the Same Origin Policy and enabling unintended read access to history.state. The vulnerability is doc...
CVE-2005-0233
The CVE-2005-0233 entry describes an IDN spoofing vulnerability in Mozilla/Firefox-related products: IDN support in Firefox 1.0, Camino 0.8.5, and Mozilla before 1.7.6 decodes punycode-encoded domain names in URLs and SSL certificates in a way that can render homograph characters from other scrip...
CVE-2005-3750
CVE-2005-3750 affects Opera before 8.51 on Linux/Unix. A remote attacker can execute arbitrary code by supplying a URL containing shell metacharacters (backticks) in a command-line argument used to launch Opera, enabling code execution without user interaction. The vulnerability score is CVSS v2 ...
CVE-2005-3699
CVE-2005-3699 affects Opera Web Browser 8.50 and 8.0–8.0.2. The issue allows remote attackers to spoof the URL shown in the status bar by manipulating the title of an image link within a form to a trusted site, directing users to a malicious site. Public details describe that the exploit involves...
CVE-2006-1834
Opera before 8.54 is affected by a vulnerability caused by an integer signedness error in the handling of long values in a stylesheet attribute, which can bypass a length check and potentially allow remote code execution. This is documented in multiple sources associated with CVE-2006-1834, inclu...
CVE-2008-7297
Opera browsers (Windows, macOS, Linux) are affected by CVE-2008-7297. The issue allows an attacker in a TLS-stripped or HTTP context to overwrite or delete cookies via a Set-Cookie header due to improper enforcement of HTTPS-only cookies, related to missing HSTS includeSubDomains. The vulnerabili...
CVE-2004-1489
Opera 7.54 and earlier versions expose an applet’s access to Sun Java internal packages, allowing remote attackers to read sensitive information such as user names and installation directory. Multiple connected sources corroborate the issue and the affected package is Opera (desktop/browser). The...
CVE-2005-0238
CVE-2005-0238 concerns the International Domain Name (IDN) support in Epiphany, where punycode-encoded domain names decoded in URLs and SSL certificates can be interpreted using homograph characters from other scripts. This enables remote attackers to spoof legitimate domain names and facilitates...
CVE-2013-1638
Opera before 12.13 is affected by CVE-2013-1638, allowing remote code execution via crafted SVG clipPaths. The connected advisories confirm the vulnerability in Opera and advise upgrading to a version containing the fix (e.g., Opera 12.13+). Remediation: upgrade to the latest Opera package that i...
CVE-2004-1157
CVE-2004-1157 affects Opera 7.x up to 7.54 (and possibly other versions). The issue allows remote spoofing of arbitrary websites by injecting content from one window into a target window that has a known name but resides in a different domain (a window-injection vulnerability). The impact is cont...
CVE-2009-1234
CVE-2009-1234 affects Opera 9.64 (and noted for 9.52) where an XML document containing a long sequence of start-tags with no matching end-tags can cause a remote denial of service (application crash). The connected advisories confirm this vulnerability in Opera and link it to multiple vendor upda...
CVE-2013-1618
Technical details specific to CVE-2013-1618 are not publicly provided in the supplied documents; related entries cite timing-side-channel issues linked to CVE-2013-0169 but do not detail this CVE.
CVE-2005-2407
Opera prior to 10.61 is affected by a design/implementation flaw where a malicious window can overlay a download dialog, enabling user‑assisted code execution via link hijacking or clickjacking. The issue is explicitly linked as related to CVE‑2005‑2407 and described in connected records as affec...
CVE-2006-4819
CVE-2006-4819 describes a heap-based buffer overflow in Opera 9.0 and 9.01 caused by parsing a URL within a tag. The overflow can allow remote code execution when a user visits a malicious page containing a specially crafted long URL in a tag (e.g., long link address). Public sources cite that Op...
CVE-2009-3269
Affected software: Opera 9.52 and earlier. Vulnerability: remote attackers can cause a denial of service (CPU consumption) through a series of automatic submissions of a form containing a KEYGEN element. This is the described impact. Root cause / context: the issue is linked to CVE-2009-1828 in r...
CVE-2003-0870
CVE-2003-0870 affects Opera 7.11 and 7.20 where rendering certain HREFs causes a heap-based buffer overflow, allowing remote code execution via an escaped server name. Exploitation would require a user opening a crafted page or email containing the malformed HREF, potentially compromising the hos...
CVE-2004-2570
CVE-2004-2570 affects Opera prior to 7.54. The vulnerability allows remote attackers to modify properties and methods of the browser’s location object and execute JavaScript to read arbitrary files from the client’s local filesystem or to display a spoofed/false URL. This cross-domain scripting-l...
CVE-2009-2070
CVE-2009-2070 describes a vulnerability in Opera where a proxy’s 4xx/5xx CONNECT responses trigger the browser to accept a forged certificate from the proxy in a single request, enabling a man‑in‑the‑middle attack. An attacker could then send a crafted 502 response on a subsequent request to spoo...
CVE-2009-2351
CVE-2009-1312 is referenced in MiracleLinux AXSA advisories as a vulnerability in Mozilla Firefox and SeaMonkey where javascript: URIs in Refresh headers in HTTP responses were not blocked. Affected versions include Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17; this could enable cross...
CVE-2011-2641
CVE-2011-2641 affects Opera 11.11, where remote attackers can crash the app by manipulating the FONT element’s FACE attribute inside an IFRAME after setting the IFRAME SRC to about:blank. This vulnerability enables a Denial of Service and is documented with an exploit reference (exploit-db). Publ...
CVE-2004-0473
Opera before 7.50 has an argument injection in its telnet URI handler: leading '-' in the telnet host name is not filtered, allowing remote attackers to pass options to the telnet program and overwrite files. The Gentoo GLSA and related advisories describe two concrete outcomes: creation or trunc...
CVE-2009-0915
CVE-2009-0915 affects Opera Web Browser prior to version 9.64, enabling remote cross-domain scripting via plug-ins. The linked SUSE/OpenVAS entries confirm Opera 9.64 as the remediation path and reference related CVEs (CVE-2009-0914, -0915, -0916). Affected component: Opera browser core with plug...
CVE-2010-2576
CVE-2010-2576 (Opera) affects Opera pre-10.61. The issue arises because download dialogs that become visible after a tab change are not properly suppressed, enabling a clickjacking vector. A remote attacker could exploit this to trigger arbitrary code execution via vectors involving (1) closing a...
CVE-2010-3021
Opera before 10.61 is affected by an unspecified vulnerability that can be exploited remotely to cause a denial of service (CPU consumption and application hang) via an animated PNG image. The issue is documented across multiple advisories (CVE-2010-3021). Impact is limited to the vulnerability c...
CVE-2005-1669
CVE-2005-1669 affects Opera 8.0 Final Build 1095. It is a cross-site scripting vulnerability where malicious javascript: URLs opened in a new window or frame allow remote script execution and potential unauthorized actions on other domains. Public references indicate Opera was updated to 8.01 to ...
CVE-2012-6466
CVE-2012-6466 affects Opera before 12.10, where improper handling of incorrect size data in a WebP image can cause a crafted image used as a fill pattern for a canvas to disclose potentially sensitive information from the process memory. The vulnerability enables memory information disclosure via...
CVE-2005-3059
CVE-2005-3059 affects Opera 8.50 on Linux and Windows. The vulnerabilities are described as multiple unspecified issues tied to (1) handling of the must-revalidate cache directive for HTTPS pages and (2) a cookie comment encoding display issue. The connected documents do not provide concrete expl...
CVE-2007-2022
CVE-2007-2022 describes a vulnerability in Adobe Flash Player used with Linux browsers (Opera < 9.20 or Konqueror
CVE-2009-2540
CVE-2009-2540 concerns Opera Web Browser (likely 9.64 and earlier) where a crafted HTML Select element with a large length value can trigger memory consumption, causing a denial of service. This is described as a related issue to CVE-2009-1692. Connected sources (OpenVAS entries) validate the ass...
CVE-2016-6908
CVE-2016-6908 : In Opera for Android (version 37.0.2192.105088), mishandling of certain Unicode characters (e.g., U+FE70, U+0622, U+0623) can cause URLs to render in RTL order when combined with the first strong character (often an alphabetic character). This can enable address-bar display spoofi...
CVE-2007-1377
CVE-2007-1377 affects Adobe Reader's AcroPDF.DLL when loaded from browsers (e.g., Firefox/Netscape/Opera). A remote adversary can trigger a denial of service by passing a PDF URL whose anchor starts with search= followed by a long sequence of %n characters, causing resource exhaustion (DoS). This...
CVE-2010-1349
Opera 10.10–10.50 contains a Content-Length header handling bug that can trigger a heap overflow, enabling remote code execution. Multiple connected advisories confirm a buffer/heap overflow vulnerability in Opera related to processing HTTP server replies and Content-Length values. Affected versi...
CVE-2010-1989
CVE-2010-1989 affects Opera 9.52, where an IMG element with SRC redirecting to a mailto: URL can trigger the external mail handler and exhaustively launch applications, causing denial of service via pages with many images. Root cause: image tag redirect to mailto. No remediation details are provi...
CVE-2011-2611
CVE-2011-2611 affects Opera browser prior to 11.50, with an unspecified vulnerability in the printing functionality that could be triggered by a crafted web page to cause application crash (DoS). Multiple vendor advisories confirm the issue and note that Opera 11.50 fixes address it. Remediation ...
CVE-2012-3555
CVE-2012-3555 affects Opera before 11.65, where keyboard sequences may not be tied to a visible window, enabling user‑assisted remote attackers to perform cross‑site scripting or execute arbitrary code via a crafted page (hidden keyboard navigation). The OpenVAS and vendor notes corroborate Opera...
CVE-2006-3198
CVE-2006-3198 affects Opera 8.54 and earlier. An integer overflow in JPEG handling may cause memory under-allocation, leading to a buffer overflow and possible arbitrary code execution. Public docs indicate upgrading to Opera 9.0 or newer as the remediation.
CVE-2006-3199
The entries describe a vulnerability in Opera 9 where remote attackers can cause a denial of service (crash) by crafting an A tag href containing a URL with a long hostname, triggering an out-of-bounds operation. Affected software: Opera 9 (web rendering/input handling related to HTML anchor href...
CVE-2010-0653
Opera before 10.10 allowed cross-origin loading of CSS stylesheets even when MIME type was incorrect and the stylesheet document malformed, enabling remote attackers to obtain sensitive information via a crafted document. The issue is confirmed across multiple sources: SUSE Gentoo GLSA references...
CVE-2010-4044
CVE-2010-4044 affects Opera Browser prior to 10.63. The vulnerability allows spoofing the address bar by resizing the window, causing the visible URL to omit the true beginning of the address, which could mislead users about the site they are visiting. The OpenVAS entries label this as multiple v...
CVE-2013-3211
CVE-2013-3211 is linked to Opera before 12.15. The connected OpenVAS entries describe Opera as prone to multiple vulnerabilities (Linux/Windows/macOS), with a CVSS v2 base score of 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C). The NVD entry characterizes the vulnerability as unspecified with unknown impact ...
CVE-2004-1491
CVE-2004-1491 affects Opera 7.54 and earlier. The vulnerability arises because Opera uses kfmclient exec to handle unknown MIME types, allowing a remote attacker to execute arbitrary code via a shortcut or launcher containing an Exec entry. Public documents confirm this as a real issue across mul...
CVE-2007-6520
Opera before 9.25 contains multiple vulnerabilities (CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6524) that enable cross-domain scripting via plug-ins, TLS certificate handling that could allow arbitrary code execution, and memory disclosure through BMP/file handling. The issues affect ...
CVE-2009-1599
Summary: CVE-2009-1599 concerns a PDF-related JavaScript security bypass in Opera. The vulnerability arises when a javascript: URI is executed from the target attribute of a submit button inside a form contained in an inline PDF, potentially bypassing Adobe Acrobat JavaScript restrictions on acce...
CVE-2009-2067
The CVE-2009-2067 issue affects Opera browser. The vulnerability arises when an https page loads an http iframe referencing http content, allowing a MITM to inject arbitrary script within an https site context. This is tied to the HTTP-Intended-but-HTTPS-Loadable (HPIHSL) scenario and could enabl...
CVE-2010-2657
Opera versions older than 10.60 for Windows and macOS are affected by a vulnerability where certain double‑click actions on a web page can bypass the Open/Save dialog and lead to arbitrary code execution with user assistance. The issue is documented as CVE-2010-2657. The public details indicate t...
CVE-2012-3556
CVE-2012-3556 affects Opera before 11.65. A UI handling flaw allows opening a pop-up in response to the first click of a double-click action, enabling user-assisted remote XSS or arbitrary code execution via a crafted website. Affected: Opera desktop builds prior to 11.65 (per Red Hat advisory). ...