Opera Browser@11.10 Security Vulnerabilities and Issues — Opera Browser@11.10 CVE List

5CVSS7AI score0.00535EPSS

CVE-2011-2617

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.

5CVSS7AI score0.00535EPSS

CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.

CVE-2011-2631

The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.

CVE-2011-2637

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.

CVE•added 2011/12/07 7:55 p.m.•49 views

CVE-2011-4687

Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.

5CVSS6.5AI score0.00756EPSS

CVE•added 2012/03/28 3:22 a.m.•49 views

CVE-2012-1925

Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.

6.8CVSS7.3AI score0.01556EPSS

CVE•added 2013/01/02 11:46 a.m.•49 views

CVE-2012-6461

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.

5CVSS6.4AI score0.00131EPSS

CVE•added 2013/01/02 11:46 a.m.•49 views

CVE-2012-6468

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.

9.3CVSS8.1AI score0.08063EPSS

CVE•added 2013/04/19 11:44 a.m.•48 views

CVE-2013-3211

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS6.4AI score0.00423EPSS

CVE•added 2011/12/07 7:55 p.m.•47 views

CVE-2011-4682

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.

6.4CVSS7.2AI score0.00134EPSS

CVE•added 2012/06/14 7:55 p.m.•47 views

CVE-2012-3562

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.

4.3CVSS6.5AI score0.00408EPSS

CVE•added 2011/07/01 10:55 a.m.•46 views

CVE-2011-2609

Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

4.3CVSS6.7AI score0.00513EPSS

CVE•added 2011/07/01 10:55 a.m.•46 views

CVE-2011-2614

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.

5CVSS7.1AI score0.00535EPSS

CVE•added 2011/07/01 10:55 a.m.•46 views

CVE-2011-2624

Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.

4.3CVSS7.1AI score0.005EPSS

CVE•added 2011/12/07 7:55 p.m.•46 views

CVE-2011-4681

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as de...

5CVSS7.3AI score0.0022EPSS

CVE•added 2012/08/06 4:55 p.m.•46 views

CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

4.3CVSS5.4AI score0.00418EPSS

CVE•added 2013/01/02 11:46 a.m.•46 views

CVE-2012-6469

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.

5CVSS6.3AI score0.0026EPSS

CVE•added 2011/07/01 10:55 a.m.•45 views

CVE-2011-2616

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.

CVE•added 2011/07/01 10:55 a.m.•45 views

CVE-2011-2622

Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

CVE•added 2011/07/01 10:55 a.m.•45 views

CVE-2011-2627

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.

CVE•added 2011/12/07 7:55 p.m.•45 views

CVE-2011-4686

Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5CVSS6.4AI score0.00756EPSS

CVE•added 2012/02/07 4:9 a.m.•45 views

CVE-2012-1003

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor report...

5CVSS6.7AI score0.00481EPSS

CVE•added 2012/06/14 7:55 p.m.•45 views

CVE-2012-3568

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.

5CVSS6.5AI score0.00436EPSS

CVE•added 2012/08/06 4:55 p.m.•45 views

CVE-2012-4146

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.

4.3CVSS6.3AI score0.00461EPSS

CVE•added 2011/07/01 10:55 a.m.•44 views

CVE-2011-2628

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

10CVSS7.8AI score0.28276EPSS

CVE•added 2011/07/01 10:55 a.m.•44 views

CVE-2011-2629

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.

CVE•added 2011/07/01 10:55 a.m.•44 views

CVE-2011-2638

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.

CVE•added 2011/09/06 7:55 p.m.•44 views

CVE-2011-3388

Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security i...

4.3CVSS7.2AI score0.01018EPSS

CVE•added 2011/12/07 7:55 p.m.•44 views

CVE-2011-4683

Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."

10CVSS7.2AI score0.00539EPSS

CVE•added 2012/03/28 3:22 a.m.•44 views

CVE-2012-1928

Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.

6.4CVSS7.2AI score0.01662EPSS

CVE•added 2012/06/14 7:55 p.m.•44 views

CVE-2012-3558

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.

2.6CVSS7.1AI score0.00339EPSS

4.3CVSS7.2AI score0.02017EPSS

CVE-2011-1337

Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.

10CVSS7.2AI score0.00533EPSS

CVE-2011-2610

Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."

CVE-2011-2612

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.

CVE-2011-2615

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.