Lucene search

K
OperaOpera Browser

282 matches found

CVE
CVE
added 2011/12/07 7:55 p.m.47 views

CVE-2010-5068

The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

4.3CVSS5.6AI score0.00732EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.47 views

CVE-2011-4682

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.

6.4CVSS7.2AI score0.00134EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.47 views

CVE-2012-3562

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.

4.3CVSS6.5AI score0.00408EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.46 views

CVE-2004-0537

Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.

5CVSS6.6AI score0.00651EPSS
CVE
CVE
added 2005/02/17 5:0 a.m.46 views

CVE-2004-1490

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.

2.6CVSS6.7AI score0.01133EPSS
CVE
CVE
added 2005/07/19 4:0 a.m.46 views

CVE-2004-2260

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.

5CVSS6.6AI score0.00917EPSS
CVE
CVE
added 2006/02/15 11:0 a.m.46 views

CVE-2005-4718

Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margi...

5CVSS6.8AI score0.1086EPSS
CVE
CVE
added 2008/06/16 10:41 p.m.46 views

CVE-2008-2715

Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.

5CVSS6.2AI score0.00705EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.46 views

CVE-2008-4694

Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.

9.3CVSS8.7AI score0.18706EPSS
CVE
CVE
added 2009/06/15 7:30 p.m.46 views

CVE-2009-2063

Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

6.8CVSS7.4AI score0.00269EPSS
CVE
CVE
added 2010/06/01 8:30 p.m.46 views

CVE-2010-2121

Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

4.3CVSS7.4AI score0.0078EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.46 views

CVE-2010-2662

Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."

4.3CVSS7.3AI score0.00246EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.46 views

CVE-2010-4579

Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs the (1) security information dialog or (2) download dialog.

5CVSS7.2AI score0.00701EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.46 views

CVE-2011-0681

The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.

4.3CVSS7.1AI score0.00288EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.46 views

CVE-2011-2609

Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

4.3CVSS6.7AI score0.00513EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.46 views

CVE-2011-2614

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.

5CVSS7.1AI score0.00535EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.46 views

CVE-2011-2624

Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.

4.3CVSS7.1AI score0.005EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.46 views

CVE-2011-4681

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as de...

5CVSS7.3AI score0.0022EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.46 views

CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

4.3CVSS5.4AI score0.00418EPSS
CVE
CVE
added 2013/01/02 11:46 a.m.46 views

CVE-2012-6469

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.

5CVSS6.3AI score0.0026EPSS
CVE
CVE
added 2005/04/16 4:0 a.m.45 views

CVE-2005-1139

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.

7.5CVSS6.4AI score0.00445EPSS
CVE
CVE
added 2007/01/09 2:28 a.m.45 views

CVE-2007-0127

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be reference...

9.3CVSS7.2AI score0.09725EPSS
CVE
CVE
added 2007/06/11 6:30 p.m.45 views

CVE-2007-3142

Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

5.8CVSS6.4AI score0.00674EPSS
CVE
CVE
added 2007/08/15 11:17 p.m.45 views

CVE-2007-4367

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."

9.3CVSS7.4AI score0.07752EPSS
CVE
CVE
added 2008/12/19 4:30 p.m.45 views

CVE-2008-5682

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.

4.3CVSS5.5AI score0.00475EPSS
CVE
CVE
added 2009/06/15 7:30 p.m.45 views

CVE-2009-2059

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" at...

6.8CVSS7.3AI score0.00235EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.45 views

CVE-2009-3265

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "de...

4.3CVSS5.4AI score0.00225EPSS
CVE
CVE
added 2010/06/22 5:30 p.m.45 views

CVE-2010-2421

Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.

10CVSS7.4AI score0.0147EPSS
CVE
CVE
added 2010/07/08 12:54 p.m.45 views

CVE-2010-2663

Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.

4.3CVSS7.2AI score0.00686EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.45 views

CVE-2010-4046

Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.

4.3CVSS6.1AI score0.00777EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.45 views

CVE-2010-4583

Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site.

2.6CVSS7.1AI score0.00329EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2616

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2622

Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.45 views

CVE-2011-2627

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.

5CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.45 views

CVE-2011-4686

Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS6.4AI score0.00756EPSS
CVE
CVE
added 2012/02/07 4:9 a.m.45 views

CVE-2012-1003

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor report...

5CVSS6.7AI score0.00481EPSS
CVE
CVE
added 2012/06/14 7:55 p.m.45 views

CVE-2012-3568

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.

5CVSS6.5AI score0.00436EPSS
CVE
CVE
added 2012/08/06 4:55 p.m.45 views

CVE-2012-4146

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.

4.3CVSS6.3AI score0.00461EPSS
CVE
CVE
added 2005/06/16 4:0 a.m.44 views

CVE-2005-1475

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.

7.5CVSS6.4AI score0.00379EPSS
CVE
CVE
added 2005/08/01 4:0 a.m.44 views

CVE-2005-2406

Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI.

4.3CVSS5.8AI score0.00485EPSS
CVE
CVE
added 2006/06/30 11:5 p.m.44 views

CVE-2006-3331

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.

5CVSS6.7AI score0.0115EPSS
CVE
CVE
added 2007/02/07 11:28 a.m.44 views

CVE-2007-0802

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.

6.4CVSS6.5AI score0.00869EPSS
CVE
CVE
added 2009/09/18 10:30 p.m.44 views

CVE-2008-7245

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5CVSS6.5AI score0.02598EPSS
CVE
CVE
added 2009/10/30 8:30 p.m.44 views

CVE-2009-3832

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

5.8CVSS6.4AI score0.01217EPSS
CVE
CVE
added 2009/11/24 5:30 p.m.44 views

CVE-2009-4072

Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.3AI score0.01394EPSS
CVE
CVE
added 2010/08/16 6:39 p.m.44 views

CVE-2010-3020

The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.

5CVSS7.3AI score0.00435EPSS
CVE
CVE
added 2010/12/22 3:0 a.m.44 views

CVE-2010-4585

Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update.

5CVSS7.1AI score0.00887EPSS
CVE
CVE
added 2011/12/07 7:55 p.m.44 views

CVE-2010-5072

The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

5CVSS6AI score0.0023EPSS
CVE
CVE
added 2011/01/31 9:0 p.m.44 views

CVE-2011-0682

Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.

9.3CVSS7.8AI score0.11628EPSS
CVE
CVE
added 2011/07/01 10:55 a.m.44 views

CVE-2011-2628

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

10CVSS7.8AI score0.28276EPSS
Total number of security vulnerabilities282