VuXML ID | Description |
0925716f-34e2-11e2-aa75-003067c2616f | opera -- execution of arbitrary code
Opera reports:
When requesting pages using HTTP, Opera temporarily stores the
response in a buffer. In some cases, Opera may incorrectly allocate
too little space for a buffer, and may then store too much of the
response in that buffer. This causes a buffer overflow, which in
turn can lead to a memory corruption and crash. It is possible to
use this crash to execute the overflowing data as code, which may
be controlled by an attacking site.
Discovery 2012-11-19 Entry 2012-11-22 Modified 2014-04-30 opera
< 12.11
opera-devel
< 12.11
linux-opera
< 12.11
linux-opera-devel
< 12.11
http://www.opera.com/support/kb/view/1036/
|
0e30e802-a9db-11dd-93a2-000bcdf0a03b | opera -- multiple vulnerabilities
Opera reports:
When certain parameters are passed to Opera's History
Search, they can cause content not to be correctly
sanitized. This can allow scripts to be injected into the
History Search results page. Such scripts can then run with
elevated privileges and interact with Opera's configuration,
allowing them to execute arbitrary code.
The links panel shows links in all frames on the current
page, including links with JavaScript URLs. When a page is
held in a frame, the script is incorrectly executed on the
outermost page, not the page where the URL was located.
This can be used to execute scripts in the context of an
unrelated frame, which allows cross-site scripting.
Discovery 2008-11-03 Entry 2008-11-03 Modified 2010-05-02 opera
linux-opera
< 9.62
CVE-2008-4794
http://www.opera.com/support/search/view/906/
http://www.opera.com/support/search/view/907/
|
12d266b6-363f-11dc-b6c9-000c6ec775d9 | opera -- multiple vulnerabilities
Opera Software ASA reports of multiple security fixes in
Opera, including an arbitrary code execute
vulnerability:
Opera for Linux, FreeBSD, and Solaris has a flaw in the
createPattern function that leaves old data that was in
the memory before Opera allocated it in the new
pattern. The pattern can be read and analyzed by
JavaScript, so an attacker can get random samples of the
user's memory, which may contain data.
Removing a specially crafted torrent from the download
manager can crash Opera. The crash is caused by an
erroneous memory access.
An attacker needs to entice the user to accept the
malicious BitTorrent download, and later remove it from
Opera's download manager. To inject code, additional means
will have to be employed.
Users clicking a BitTorrent link and rejecting the
download are not affected.
data: URLs embed data inside them, instead of linking to
an external resource. Opera can mistakenly display the end
of a data URL instead of the beginning. This allows an
attacker to spoof the URL of a trusted site.
Opera's HTTP authentication dialog is displayed when the
user enters a Web page that requires a login name and a
password. To inform the user which server it was that
asked for login credentials, the dialog displays the
server name.
The user has to see the entire server name. A truncated
name can be misleading. Opera's authentication dialog cuts
off the long server names at the right hand side, adding
an ellipsis (...) to indicate that it has been cut off.
The dialog has a predictable size, allowing an attacker
to create a server name which will look almost like a
trusted site, because the real domain name has been cut
off. The three dots at the end will not be obvious to all
users.
This flaw can be exploited by phishers who can set up
custom sub-domains, for example by hosting their own
public DNS.
Discovery 2007-07-19 Entry 2007-07-19 Modified 2010-05-12 opera
opera-devel
linux-opera
< 9.22
CVE-2007-3929
CVE-2007-4944
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564
http://www.opera.com/support/search/view/861/
http://www.opera.com/support/search/view/862/
http://www.opera.com/support/search/view/863/
http://www.opera.com/support/search/view/864/
http://www.opera.com/docs/changelogs/freebsd/922/
|
1489df94-6bcb-11d9-a21e-000a95bc6fae | opera -- multiple vulnerabilities in Java implementation
Marc Schoenefeld reports:
Opera 7.54 is vulnerable to leakage of the java sandbox,
allowing malicious applets to gain unacceptable
privileges. This allows them to be used for information
gathering (spying) of local identity information and
system configurations as well as causing annoying crash
effects.
Opera 754 [sic] which was released Aug 5,2004 is
vulnerable to the XSLT processor covert channel attack,
which was corrected with JRE 1.4.2_05 [released in July
04], but in disadvantage to the users the opera packaging
guys chose to bundle the JRE 1.4.2_04 [...]
Internal pointer DoS exploitation: Opera.jar contains the
opera replacement of the java plugin. It therefore handles
communication between javascript and the Java VM via the
liveconnect protocol. The public class EcmaScriptObject
exposes a system memory pointer to the java address space,
by constructing a special variant of this type an internal
cache table can be polluted by false entries that infer
proper function of the JSObject class and in the following
proof-of-concept crash the browser.
Exposure of location of local java installation Sniffing
the URL classpath allows to retrieve the URLs of the
bootstrap class path and therefore the JDK installation
directory.
Exposure of local user name to an untrusted applet An
attacker could use the sun.security.krb5.Credentials class
to retrieve the name of the currently logged in user and
parse his home directory from the information which is
provided by the thrown
java.security.AccessControlException.
Discovery 2004-11-19 Entry 2005-01-24 opera
opera-devel
linux-opera
< 7.54.20041210
http://marc.theaimsgroup.com/?l=bugtraq&m=110088923127820
|
1fe734bf-4a06-11db-b48d-00508d6a62df | opera -- RSA Signature Forgery
Opera reports:
A specially crafted digital certificate can bypass Opera's
certificate signature verification. Forged certificates can
contain any false information the forger chooses, and Opera
will still present it as valid. Opera will not present any
warning dialogs in this case, and the security status will
be the highest possible (3). This defeats the protection
against "man in the middle", the attacks that SSL was
designed to prevent.
There is a flaw in OpenSSL's RSA signature verification
that affects digital certificates using 3 as the public
exponent. Some of the certificate issuers that are on
Opera's list of trusted signers have root certificates with
3 as the public exponent. The forged certificate can appear
to be signed by one of these.
Discovery 2006-09-18 Entry 2006-09-22 opera
opera-devel
linux-opera
< 9.02
CVE-2006-4339
http://secunia.com/advisories/21982/
http://secunia.com/advisories/21709/
http://www.cdc.informatik.tu-darmstadt.de/securebrowser/
http://www.openssl.org/news/secadv_20060905.txt
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
|
20c9bb14-81e6-11d9-a9e7-0001020eed82 | opera -- "data:" URI handler spoofing vulnerability
A Secunia Advisory reports:
Michael Holzt has discovered a vulnerability in Opera,
which can be exploited by malicious people to trick users
into executing malicious files.
The vulnerability is caused due to an error in the
processing of "data:" URIs, causing wrong information to
be shown in a download dialog. This can be exploited by
e.g. a malicious website to trick users into executing a
malicious file by supplying a specially crafted "data:"
URI.
Discovery 2005-01-12 Entry 2005-02-18 opera
opera-devel
linux-opera
< 7.54.20050131
CVE-2005-0456
882926
http://secunia.com/advisories/13818/
http://www.opera.com/freebsd/changelogs/754u2/
|
225bc349-ce10-11dd-a721-0030843d3802 | opera -- multiple vulnerabilities
The Opera Team reports:
Manipulating certain text-area contents can cause a buffer
overflow, which may be exploited to execute arbitrary code.
Certain HTML constructs can cause the resulting DOM to change
unexpectedly, which triggers a crash. To inject code, additional
techniques will have to be employed.
Exceptionally long host names in file: URLs can cause a buffer
overflow, which may be exploited to execute arbitrary code. Remote Web
pages cannot refer to file: URLs, so successful exploitation involves
tricking users into manually opening the exploit URL, or a local file
that refers to it.
When Opera is previewing a news feed, some scripted URLs are not
correctly blocked. These can execute scripts which are able to
subscribe the user to any feed URL that the attacker chooses, and can
also view the contents of any feeds that the user is subscribed to.
These may contain sensitive information.
Built-in XSLT templates incorrectly handle escaped content and can
cause it to be treated as markup. If a site accepts content from
untrusted users, which it then displays using XSLT as escaped strings,
this can allow scripted markup to be injected. The scripts will then
be executed in the security context of that site.
Discovery 2008-11-18 Entry 2008-12-19 opera
linux-opera
< 9.63
CVE-2008-5178
http://www.opera.com/support/kb/view/920/
http://www.opera.com/support/kb/view/921/
http://www.opera.com/support/kb/view/922/
http://www.opera.com/support/kb/view/923/
http://www.opera.com/support/kb/view/924/
http://secunia.com/advisories/32752/
|
2eda0c54-34ab-11e0-8103-00215c6a37bb | opera -- multiple vulnerabilities
Opera reports:
Opera 11.01 is a recommended upgrade offering security and
stability enhancements.
The following security vulnerabilities have been fixed:
- Removed support for "
javascript: " URLs in
CSS -o-link values, to make it easier for sites to filter
untrusted CSS.
- Fixed an issue where large form inputs could allow
execution of arbitrary code, as reported by Jordi Chancel;
see our advisory.
- Fixed an issue which made it possible to carry out
clickjacking attacks against internal opera: URLs;
see our advisory.
- Fixed issues which allowed web pages to gain limited
access to files on the user's computer; see our
advisory.
- Fixed an issue where email passwords were not immediately
deleted when deleting private data; see our
advisory.
Discovery 2011-01-26 Entry 2011-02-10 opera
opera-devel
linux-opera
< 11.01
CVE-2011-0450
CVE-2011-0681
CVE-2011-0682
CVE-2011-0683
CVE-2011-0684
CVE-2011-0685
CVE-2011-0686
CVE-2011-0687
http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://secunia.com/advisories/43023
|
2fda6bd2-c53c-11de-b157-001999392805 | opera -- multiple vulnerabilities
Opera Team Reports:
- Fixed an issue where certain domain names could allow execution
of arbitrary code, as reported by Chris Weber of Casaba Security
- Fixed an issue where scripts can run on the feed subscription
page, as reported by Inferno
Discovery 2009-10-28 Entry 2009-10-31 Modified 2010-05-02 opera
< 10.01.20091019
linux-opera
< 10.01
CVE-2009-3831
http://www.opera.com/support/kb/view/938/
http://www.opera.com/support/kb/view/939/
|
30c560ff-e0df-11dc-891a-02061b08fc24 | opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security
fixes:
- Fixed an issue where simulated text inputs could trick
users into uploading arbitrary files, as reported by
Mozilla.
- Image properties can no longer be used to execute
scripts, as reported by Max Leonov.
- Fixed an issue where the representation of DOM
attribute values could allow cross site scripting, as
reported by Arnaud.lb.
Discovery 2008-02-20 Entry 2008-02-22 Modified 2010-05-12 opera
opera-devel
linux-opera
< 9.26
CVE-2008-1080
CVE-2008-1081
http://www.opera.com/docs/changelogs/freebsd/926/
http://www.opera.com/support/search/view/877/
http://www.opera.com/support/search/view/879/
http://www.opera.com/support/search/view/880/
|
31b045e7-ae75-11dc-a5f9-001a4d49522b | opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security
fixes:
- Fixed an issue where plug-ins could be used to allow
cross domain scripting, as reported by David
Bloom. Details will be disclosed at a later date.
- Fixed an issue with TLS certificates that could be
used to execute arbitrary code, as reported by Alexander
Klink (Cynops GmbH). Details will be disclosed at a
later date.
- Rich text editing can no longer be used to allow cross
domain scripting, as reported by David Bloom. See our
advisory.
- Prevented bitmaps from revealing random data from
memory, as reported by Gynvael Coldwind. Details will be
disclosed at a later date.
Discovery 2007-12-19 Entry 2007-12-19 Modified 2007-12-29 opera
opera-devel
linux-opera
< 9.25
CVE-2007-6520
CVE-2007-6521
CVE-2007-6522
CVE-2007-6524
http://www.opera.com/docs/changelogs/freebsd/925/
http://www.opera.com/support/search/view/875/
|
38daea4f-2851-11e2-9483-14dae938ec40 | opera -- multiple vulnerabilities
Opera reports:
CORS (Cross-Origin Resource Sharing) allows web pages to retrieve
the contents of pages from other sites, with their permission,
as they would appear for the current user.
When requests are made in this way, the browser should only allow
the page content to be retrieved if the target site sends the
correct headers that give permission for their contents to be
used in this way. Specially crafted requests may trick Opera
into thinking that the target site has given permission when it
had not done so. This can result in the contents of any target page
being revealed to untrusted sites, including any
sensitive information or session IDs contained within the
source of those pages.
Also reported are vulnerabilities involving SVG graphics and XSS.
Discovery 2012-11-06 Entry 2012-11-06 Modified 2014-04-30 opera
< 12.10
opera-devel
< 12.10
linux-opera
< 12.10
linux-opera-devel
< 12.10
http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
|
40856a51-e1d9-11d9-b875-0001020eed82 | opera -- "javascript:" URL cross-site scripting vulnerability
A Secunia Advisory reports:
Secunia Research has discovered a vulnerability in Opera,
which can be exploited by malicious people to conduct
cross-site scripting attacks and to read local files.
The vulnerability is caused due to Opera not properly
restricting the privileges of "javascript:" URLs when
opened in e.g. new windows or frames.
Discovery 2005-06-16 Entry 2005-06-20 linux-opera
opera-devel
opera
< 8.01
CVE-2005-1669
http://secunia.com/advisories/15411/
http://www.opera.com/freebsd/changelogs/801/#security
|
44224e08-8306-11dc-9283-0016179b2dd5 | opera -- multiple vulnerabilities
An advisory from Opera reports:
If a user has configured Opera to use an external newsgroup
client or e-mail application, specially crafted Web pages can
cause Opera to run that application incorrectly. In some cases
this can lead to execution of arbitrary code.
When accesing frames from different Web sites, specially crafted
scripts can bypass the same-origin policy, and overwrite functions
from those frames. If scripts on the page then run those functions,
this can cause the script of the attacker's choice to run in the
context of the target Web site.
Discovery 2007-10-17 Entry 2007-10-25 opera
opera-devel
linux-opera
< 9.24
CVE-2007-5540
CVE-2007-5541
http://www.opera.com/support/search/view/866/
http://www.opera.com/support/search/view/867/
http://secunia.com/advisories/27277/
|
4582948a-9716-11de-83a5-001999392805 | opera -- multiple vulnerabilities
Opera Team Reports:
- Issue where sites using revoked intermediate certificates might be shown as secure
- Issue where the collapsed address bar didn't show the current domain
- Issue where pages could trick users into uploading files
- Some IDNA characters not correctly displaying in the address bar
- Issue where Opera accepts nulls and invalid wild-cards in certificates
Discovery 2009-09-01 Entry 2009-09-04 Modified 2009-10-29 opera
< 10.00.20090830
opera-devel
le 10.00.b3_1,1
linux-opera
< 10.00
http://www.opera.com/support/search/view/929/
http://www.opera.com/support/search/view/930/
http://www.opera.com/support/search/view/931/
http://www.opera.com/support/search/view/932/
http://www.opera.com/support/search/view/934/
|
4867ae85-608d-11db-8faf-000c6ec775d9 | opera -- URL parsing heap overflow vulnerability
iDefense Labs reports:
Remote exploitation of a heap overflow vulnerability
within version 9 of Opera Software's Opera Web browser
could allow an attacker to execute arbitrary code on the
affected host.
A flaw exists within Opera when parsing a tag that
contains a URL. A heap buffer with a constant size of 256
bytes is allocated to store the URL, and the tag's URL is
copied into this buffer without sufficient bounds checking
of its length.
Discovery 2006-10-17 Entry 2006-10-20 opera
opera-devel
linux-opera
gt 9.* lt 9.02
CVE-2006-4819
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424
http://secunia.com/advisories/22218/
http://www.opera.com/support/search/supsearch.dml?index=848
|
641859e8-eca1-11d8-b913-000c41e2cdad | Mutiple browser frame injection vulnerability
A class of bugs affecting many web browsers in the same way
was discovered. A Secunia advisory reports:
The problem is that the browsers don't check if a target
frame belongs to a website containing a malicious link,
which therefore doesn't prevent one browser window from
loading content in a named frame in another window.
Successful exploitation allows a malicious website to load
arbitrary content in an arbitrary frame in another browser
window owned by e.g. a trusted site.
A KDE Security Advisory reports:
A malicious website could abuse Konqueror to insert
its own frames into the page of an otherwise trusted
website. As a result the user may unknowingly send
confidential information intended for the trusted website
to the malicious website.
Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/.
Discovery 2004-08-11 Entry 2004-08-12 Modified 2004-09-14 kdelibs
< 3.2.3_3
kdebase
< 3.2.3_1
linux-opera
opera
ge 7.50 lt 7.52
firefox
< 0.9
linux-mozilla
linux-mozilla-devel
mozilla-gtk1
< 1.7
mozilla
< 1.7,2
netscape7
< 7.2
CVE-2004-0717
CVE-2004-0718
CVE-2004-0721
http://secunia.com/advisories/11978/
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch
|
6431c4db-deb4-11de-9078-0030843d3802 | opera -- multiple vulnerabilities
Opera Team reports:
- Fixed a heap buffer overflow in string to number conversion
- Fixed an issue where error messages could leak onto unrelated
sites
- Fixed a moderately severe issue, as reported by Chris Evans of
the Google Security Team; details will be disclosed at a later
date.
Discovery 2009-11-23 Entry 2009-12-01 Modified 2010-05-02 opera
< 10.10.20091120
linux-opera
< 10.10
CVE-2009-0689
CVE-2009-4071
http://www.opera.com/support/kb/view/941/
http://www.opera.com/support/kb/view/942/
|
73ec1008-72f0-11dd-874b-0030843d3802 | opera -- multiple vulnerabilities
The Opera Team reports:
Scripts are able to change the addresses of framed pages that
come from the same site. Due to a flaw in the way that Opera checks
what frames can be changed, a site can change the address of frames
on other sites inside any window that it has opened. This allows
sites to open pages from other sites, and display misleading
information on them.
Custom shortcut and menu commands can be used to activate external
applications. In some cases, the parameters passed to these
applications are not prepared correctly, and may be created from
uninitialized memory. These may be misinterpreted as additional
parameters, and depending on the application, this could allow
execution of arbitrary code.
Successful exploitation requires convincing the user to modify
their shortcuts or menu files appropriately, pointing to an
appropriate target application, then to activate that shortcut at
an appropriate time. To inject code, additional means will have to
be employed.
When insecure pages load content from secure sites into a frame,
they can cause Opera to incorrectly report the insecure site as
being secure. The padlock icon will incorrectly be shown, and the
security information dialog will state that the connection is
secure, but without any certificate information.
As a security precaution, Opera does not allow Web pages to
link to files on the user's local disk. However, a flaw exists
that allows Web pages to link to feed source files on the
user's computer. Suitable detection of JavaScript events and
appropriate manipulation can unreliably allow a script to
detect the difference between successful and unsuccessful
subscriptions to these files, to allow it to discover if the
file exists or not. In most cases the attempt will fail.
It has been reported that when a user subscribes to a news
feed using the feed subscription button, the page address
can be changed. This causes the address field not to update
correctly. Although this can mean that misleading
information can be displayed in the address field, it can
only leave the attacking page's address in the address bar,
not a trusted third party address.
Discovery 2008-08-20 Entry 2008-08-25 Modified 2010-05-12 opera
linux-opera
< 9.52
CVE-2008-4195
CVE-2008-4197
CVE-2008-4198
CVE-2008-4200
http://www.opera.com/support/search/view/893/
http://www.opera.com/support/search/view/894/
http://www.opera.com/support/search/view/895/
http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/
|
78ad2525-9d0c-11db-a5f6-000c6ec775d9 | opera -- multiple vulnerabilities
iDefense reports:
The vulnerability specifically exists due to Opera
improperly processing a JPEG DHT marker. The DHT marker is
used to define a Huffman Table which is used for decoding
the image data. An invalid number of index bytes in the
DHT marker will trigger a heap overflow with partially
user controlled data.
Exploitation of this vulnerability would allow an
attacker to execute arbitrary code on the affected
host. The attacker would first need to construct a website
containing the malicious image and trick the vulnerable
user into visiting the site. This would trigger the
vulnerability and allow the code to execute with the
privileges of the local user.
A flaw exists within Opera's Javascript SVG
implementation. When processing a
createSVGTransformFromMatrix request Opera does not
properly validate the type of object passed to the
function. Passing an incorrect object to this function can
result in it using a pointer that is user controlled when
it attempts to make the virtual function call.
Exploitation of this vulnerability would allow an
attacker to execute arbitrary code on the affected
host. The attacker would first need to construct a website
containing the malicious JavaScript and trick the
vulnerable user into visiting the site. This would trigger
the vulnerability and allow the code to execute with the
privileges of the local user.
Discovery 2007-01-05 Entry 2007-01-05 Modified 2010-05-12 opera
opera-devel
linux-opera
< 9.10
CVE-2007-0126
CVE-2007-0127
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852
|
79217c9b-e1d9-11d9-b875-0001020eed82 | opera -- XMLHttpRequest security bypass
A Secunia Advisory reports:
Secunia Research has discovered a vulnerability in Opera,
which can be exploited by malicious people to steal
content or to perform actions on other web sites with the
privileges of the user.
Normally, it should not be possible for the
XMLHttpRequest object to access resources
from outside the domain of which the object was
opened. However, due to insufficient validation of server
side redirects, it is possible to circumvent this
restriction.
Discovery 2005-06-16 Entry 2005-06-20 linux-opera
opera-devel
opera
gt 8.* lt 8.01
CVE-2005-1475
http://secunia.com/advisories/15008/
http://secunia.com/secunia_research/2005-4/advisory/
http://www.opera.com/freebsd/changelogs/801/#security
|
85f33a8d-492f-11e2-aa75-003067c2616f | opera -- execution of arbitrary code
Opera reports:
When loading GIF images into memory, Opera should allocate the
correct amount of memory to store that image. Specially crafted
image files can cause Opera to allocate the wrong amount of memory.
Subsequent data may then overwrite unrelated memory with
attacker-controlled data. This can lead to a crash, which may also
execute that data as code.
Discovery 2012-12-18 Entry 2012-12-18 Modified 2014-04-30 opera
< 12.12
opera-devel
< 12.12
linux-opera
< 12.12
linux-opera-devel
< 12.12
http://www.opera.com/support/kb/view/1038/
http://www.opera.com/support/kb/view/1039/
|
8c5205b4-11a0-11de-a964-0030843d3802 | opera -- multiple vulnerabilities
Opera Team reports:
An unspecified error in the processing of JPEG images can be
exploited to trigger a memory corruption.
An error can be exploited to execute arbitrary script code in a
different domain via unspecified plugins.
An unspecified error has a "moderately severe" impact. No further
information is available.
Discovery 2009-03-15 Entry 2009-03-15 Modified 2010-05-02 opera
linux-opera
< 9.64
CVE-2009-0914
CVE-2009-0915
http://www.opera.com/docs/changelogs/freebsd/964/
http://secunia.com/advisories/34135/
|
934b1de4-00d7-11da-bc08-0001020eed82 | opera -- image dragging vulnerability
A Secunia Advisory reports:
Secunia Research has discovered a vulnerability in Opera,
which can be exploited by malicious people to conduct
cross-site scripting attacks and retrieve a user's
files.
The vulnerability is caused due to Opera allowing a user
to drag e.g. an image, which is actually a "javascript:"
URI, resulting in cross-site scripting if dropped over
another site. This may also be used to populate a file
upload form, resulting in uploading of arbitrary files to
a malicious web site.
Successful exploitation requires that the user is tricked
into dragging and dropping e.g. an image or a link.
Discovery 2005-07-28 Entry 2005-07-30 Modified 2006-06-08 linux-opera
opera-devel
opera
< 8.02
http://secunia.com/advisories/15756/
http://www.opera.com/freebsd/changelogs/802/
|
985bfcf0-e1d7-11d9-b875-0001020eed82 | opera -- redirection cross-site scripting vulnerability
A Secunia Advisory reports:
Secunia Research has discovered a vulnerability in Opera,
which can be exploited by malicious people to conduct
cross-site scripting attacks against users.
The vulnerability is caused due to input not being
sanitised, when Opera generates a temporary page for
displaying a redirection when "Automatic redirection" is
disabled (not default setting).
Discovery 2005-06-16 Entry 2005-06-20 linux-opera
opera-devel
opera
gt 8.* lt 8.01
http://secunia.com/advisories/15423/
http://secunia.com/secunia_research/2003-1/advisory/
http://www.opera.com/freebsd/changelogs/801/#security
|
a2aa24fd-00d4-11da-bc08-0001020eed82 | opera -- download dialog spoofing vulnerability
A Secunia Advisory reports:
Secunia Research has discovered a vulnerability in Opera,
which can be exploited by malicious people to trick users
into executing malicious files.
The vulnerability is caused due to an error in the
handling of extended ASCII codes in the download
dialog. This can be exploited to spoof the file extension
in the file download dialog via a specially crafted
"Content-Disposition" HTTP header.
Successful exploitation may result in users being tricked
into executing a malicious file via the download dialog,
but requires that the "Arial Unicode MS" font
(ARIALUNI.TTF) has been installed on the system.
Discovery 2005-07-28 Entry 2005-07-30 linux-opera
opera-devel
opera
< 8.02
http://secunia.com/advisories/15870/
http://www.opera.com/freebsd/changelogs/802/
|
a4a809d8-25c8-11e1-b531-00215c6a37bb | opera -- multiple vulnerabilities
Opera software reports:
- Fixed a moderately severe issue; details will be
disclosed at a later date
- Fixed an issue that could allow pages to set cookies
or communicate cross-site for some top level domains;
see our advisory
- Improved handling of certificate revocation corner
cases
- Added a fix for a weakness in the SSL v3.0 and TLS 1.0
specifications, as reported by Thai Duong and Juliano Rizzo;
see our advisory
- Fixed an issue where the JavaScript "in" operator
allowed leakage of cross-domain information, as reported
by David Bloom; see our advisory
Discovery 2011-12-06 Entry 2011-12-13 opera
linux-opera
< 11.60
opera-devel
< 11.60,1
CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
|
ad4a00fa-0157-11dd-8bd3-001372ae3ab9 | opera -- multiple vulnerabilities
Opera Software reports of multiple security issues in Opera.
All of them can lead to arbitrary code execution. Details are
as the following:
Discovery 2008-04-03 Entry 2008-04-05 Modified 2010-05-12 opera
< 9.27.20080331
linux-opera
< 9.27.20080331
28585
CVE-2008-1761
CVE-2008-1762
http://www.opera.com/support/search/view/881/
http://www.opera.com/support/search/view/882/
|
b0911985-6e2a-11d9-9557-000a95bc6fae | web browsers -- window injection vulnerabilities
A Secunia Research advisory reports:
Secunia Research has reported a vulnerability in multiple
browsers, which can be exploited by malicious people to
spoof the content of websites.
The problem is that a website can inject content into
another site's window if the target name of the window is
known. This can e.g. be exploited by a malicious website
to spoof the content of a pop-up window opened on a
trusted website.
Secunia has constructed a test, which can be used to
check if your browser is affected by this issue:
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
A workaround
for Mozilla-based browsers is available.
Discovery 2004-12-08 Entry 2005-01-24 Modified 2005-02-26 firefox
< 1.0.1,1
mozilla
< 1.7.6,2
linux-mozilla
linux-mozilla-devel
< 1.7.6
de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
mozilla-gtk1
ge 0
de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0
kdebase
kdelibs
< 3.3.2
opera
opera-devel
linux-opera
< 7.54.20050131
http://secunia.com/secunia_research/2004-13/advisory/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
CVE-2004-1156
http://secunia.com/advisories/13129/
https://bugzilla.mozilla.org/show_bug.cgi?id=273699
https://bugzilla.mozilla.org/show_bug.cgi?id=103638
http://mozillanews.org/?article_date=2004-12-08+06-48-46
CVE-2004-1157
http://secunia.com/advisories/13253/
CVE-2004-1158
http://secunia.com/advisories/13254/
http://www.kde.org/info/security/advisory-20041213-1.txt
CVE-2004-1160
http://secunia.com/advisories/13402/
|
cebed39d-9e6f-11e2-b3f5-003067c2616f | opera -- moderately severe issue
Opera reports:
Fixed a moderately severe issue, as reported by Attila Suszte.
Discovery 2013-04-04 Entry 2014-04-30 opera
< 12.15
opera-devel
< 12.15
linux-opera
< 12.15
linux-opera-devel
< 12.15
http://www.opera.com/docs/changelogs/unified/1215/
http://www.opera.com/support/kb/view/1046/
http://www.opera.com/support/kb/view/1047/
|
d6b092bd-61e1-11da-b64c-0001020eed82 | opera -- multiple vulnerabilities
Opera reports:
It is possible to make a form input that looks like an
image link. If the form input has a "title" attribute, the
status bar will show the "title". A "title" which looks
like a URL can mislead the user, since the title can say
http://nice.familiar.com/, while the form action can be
something else.
Opera's tooltip says "Title:" before the title text,
making a spoof URL less convincing. A user who has enabled
the status bar and disabled tooltips can be affected by
this. Neither of these settings are Opera's defaults.
This exploit is mostly of interest to users who disable
JavaScript. If JavaScript is enabled, any link target or
form action can be overridden by the script. The tooltip
and the statusbar can only be trusted to show the true
location if JavaScript is disabled.
Java code using LiveConnect methods to remove a property
of a JavaScript object may in some cases use null pointers
that can make Opera crash. This crash is not exploitable
and such code is rare on the web.
Discovery 2005-11-16 Entry 2005-11-30 linux-opera
opera-devel
opera
< 8.51
CVE-2005-3699
http://secunia.com/advisories/17571/
http://www.opera.com/support/search/supsearch.dml?index=817
http://www.opera.com/support/search/supsearch.dml?index=819
|
d8e55d65-81d6-11d9-a9e7-0001020eed82 | opera -- kfmclient exec command execution vulnerability
Giovanni Delvecchio reports:
Opera for linux uses "kfmclient exec" as "Default
Application" to handle saved files. This could be used by
malicious remote users to execute arbitrary shell commands
on a target system.
Discovery 2004-12-12 Entry 2005-02-18 opera
opera-devel
linux-opera
< 7.54.20050131
CVE-2004-1491
http://secunia.com/advisories/13447/
http://www.opera.com/freebsd/changelogs/754u2/
http://www.zone-h.org/advisories/read/id=6503
|
df333ede-a8ce-11d8-9c6d-0020ed76ef5a | URI handler vulnerabilities in several browsers
Karol Wiesek and Greg MacManus reported via iDEFENSE that the
Opera web browser contains a flaw in the handling of
certain URIs. When presented with these URIs, Opera would
invoke external commands to process them after some
validation. However, if the hostname component of a URI
begins with a `-', it may be treated as an option by an external
command. This could have undesirable side-effects, from
denial-of-service to code execution. The impact is very
dependent on local configuration.
After the iDEFENSE advisory was published, the KDE team
discovered similar problems in KDE's URI handlers.
Discovery 2004-05-12 Entry 2004-05-18 linux-opera
opera
< 7.50
kdelibs
< 3.2.2_3
CVE-2004-0411
http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities
http://www.kde.org/info/security/advisory-20040517-1.txt
http://freebsd.kde.org/index.php#n20040517
|
df4a7d21-4b17-11dc-9fc2-001372ae3ab9 | opera -- Vulnerability in javascript handling
An advisory from Opera reports:
A specially crafted JavaScript can make Opera execute
arbitrary code.
Discovery 2007-08-03 Entry 2007-08-15 Modified 2007-08-25 opera
opera-devel
linux-opera
< 9.23.20070809
http://www.opera.com/support/search/view/865/
|
dfc1daa8-61de-11da-b64c-0001020eed82 | opera -- command line URL shell command injection
An Opera Advisory reports:
Opera for UNIX uses a wrapper shell script to start up
Opera. This shell script reads the input arguments, like
the file names or URLs that Opera is to open. It also
performs some environment checks, for example whether Java
is available and if so, where it is located.
This wrapper script can also run commands embedded in the
URL, so that a specially crafted URL can make arbitrary
commands run on the recipient's machine. Users who have
other programs set up to use Opera to open Web links are
vulnerable to this flaw. For these users, clicking a Web
link in for example OpenOffice.org or Evolution can run a
command that was put into the link.
Discovery 2005-11-17 Entry 2005-11-30 linux-opera
opera-devel
opera
< 8.51
15521
CVE-2005-3750
http://secunia.com/secunia_research/2005-57/advisory/
http://www.opera.com/support/search/supsearch.dml?index=818
|
e666498a-852a-11e0-8f78-080027ef73ec | Opera -- code injection vulnerability through broken frameset handling
Opera Software ASA reports:
Fixed an issue with framesets that could allow execution of
arbitrary code, as reported by an anonymous contributor working
with the SecuriTeam Secure Disclosure program.
Discovery 2011-05-18 Entry 2011-05-23 opera
< 11.11
opera-devel
< 11.11
linux-opera
< 11.11
http://www.opera.com/docs/changelogs/unix/1111/
http://www.opera.com/support/kb/view/992/
|
ea0f45e2-6c4b-11e2-98d9-003067c2616f | opera -- execution of arbitrary code
Opera reports:
Particular DOM event manipulations can cause Opera to crash. In
some cases, this crash might occur in a way that allows execution
of arbitrary code. To inject code, additional techniques would
have to be employed.
Discovery 2013-01-30 Entry 2013-02-01 opera
opera-devel
linux-opera
linux-opera-devel
< 12.13
http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
|
f5c4d7f7-9f4b-11dd-bab1-001999392805 | opera -- multiple vulnerabilities
Opera reports:
Certain constructs are not escaped correctly by Opera's
History Search results. These can be used to inject scripts
into the page, which can then be used to look through the user's
browsing history, including the contents of the pages they have
visited. These may contain sensitive information.
If a link that uses a JavaScript URL triggers Opera's Fast
Forward feature, when the user activates Fast Forward, the
script should run on the current page. When a page is held in a
frame, the script is incorrectly executed on the outermost page,
not the page where the URL was located. This can be used to
execute scripts in the context of an unrelated frame, which
allows cross-site scripting.
When Opera is previewing a news feed, some scripts are not
correctly blocked. These scripts are able to subscribe the user
to any feed URL that the attacker chooses, and can also view
the contents of any feeds that the user is subscribed to.
These may contain sensitive information.
Discovery 2008-10-17 Entry 2008-10-28 Modified 2010-05-02 opera
linux-opera
< 9.61
CVE-2008-4697
CVE-2008-4698
CVE-2008-4725
http://www.opera.com/support/search/view/903/
http://www.opera.com/support/search/view/904/
http://www.opera.com/support/search/view/905/
|
fb84d5dd-9528-11dd-9a00-001999392805 | opera -- multiple vulnerabilities
Opera reports:
If a malicious page redirects Opera to a specially crafted
address (URL), it can cause Opera to crash. Given sufficient
address content, the crash could cause execution of code
controlled by the attacking page.
Once a Java applet has been cached, if a page can predict the
cache path for that applet, it can load the applet from the
cache, causing it to run in the context of the local machine.
This allows it to read other cache files on the computer or
perform other normally more restrictive actions. These files
could contain sensitive information, which could then be sent
to the attacker.
Discovery 2008-10-04 Entry 2008-10-10 Modified 2010-05-12 opera
linux-opera
< 9.60
CVE-2008-4695
CVE-2008-4694
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/
|