VuXML ID | Description |
225bc349-ce10-11dd-a721-0030843d3802 | opera -- multiple vulnerabilities
The Opera Team reports:
Manipulating certain text-area contents can cause a buffer
overflow, which may be exploited to execute arbitrary code.
Certain HTML constructs can cause the resulting DOM to change
unexpectedly, which triggers a crash. To inject code, additional
techniques will have to be employed.
Exceptionally long host names in file: URLs can cause a buffer
overflow, which may be exploited to execute arbitrary code. Remote Web
pages cannot refer to file: URLs, so successful exploitation involves
tricking users into manually opening the exploit URL, or a local file
that refers to it.
When Opera is previewing a news feed, some scripted URLs are not
correctly blocked. These can execute scripts which are able to
subscribe the user to any feed URL that the attacker chooses, and can
also view the contents of any feeds that the user is subscribed to.
These may contain sensitive information.
Built-in XSLT templates incorrectly handle escaped content and can
cause it to be treated as markup. If a site accepts content from
untrusted users, which it then displays using XSLT as escaped strings,
this can allow scripted markup to be injected. The scripts will then
be executed in the security context of that site.
Discovery 2008-11-18 Entry 2008-12-19 opera
linux-opera
< 9.63
CVE-2008-5178
http://www.opera.com/support/kb/view/920/
http://www.opera.com/support/kb/view/921/
http://www.opera.com/support/kb/view/922/
http://www.opera.com/support/kb/view/923/
http://www.opera.com/support/kb/view/924/
http://secunia.com/advisories/32752/
|
a4a809d8-25c8-11e1-b531-00215c6a37bb | opera -- multiple vulnerabilities
Opera software reports:
- Fixed a moderately severe issue; details will be
disclosed at a later date
- Fixed an issue that could allow pages to set cookies
or communicate cross-site for some top level domains;
see our advisory
- Improved handling of certificate revocation corner
cases
- Added a fix for a weakness in the SSL v3.0 and TLS 1.0
specifications, as reported by Thai Duong and Juliano Rizzo;
see our advisory
- Fixed an issue where the JavaScript "in" operator
allowed leakage of cross-domain information, as reported
by David Bloom; see our advisory
Discovery 2011-12-06 Entry 2011-12-13 opera
linux-opera
< 11.60
opera-devel
< 11.60,1
CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
|
38daea4f-2851-11e2-9483-14dae938ec40 | opera -- multiple vulnerabilities
Opera reports:
CORS (Cross-Origin Resource Sharing) allows web pages to retrieve
the contents of pages from other sites, with their permission,
as they would appear for the current user.
When requests are made in this way, the browser should only allow
the page content to be retrieved if the target site sends the
correct headers that give permission for their contents to be
used in this way. Specially crafted requests may trick Opera
into thinking that the target site has given permission when it
had not done so. This can result in the contents of any target page
being revealed to untrusted sites, including any
sensitive information or session IDs contained within the
source of those pages.
Also reported are vulnerabilities involving SVG graphics and XSS.
Discovery 2012-11-06 Entry 2012-11-06 Modified 2014-04-30 opera
< 12.10
opera-devel
< 12.10
linux-opera
< 12.10
linux-opera-devel
< 12.10
http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
|
0e30e802-a9db-11dd-93a2-000bcdf0a03b | opera -- multiple vulnerabilities
Opera reports:
When certain parameters are passed to Opera's History
Search, they can cause content not to be correctly
sanitized. This can allow scripts to be injected into the
History Search results page. Such scripts can then run with
elevated privileges and interact with Opera's configuration,
allowing them to execute arbitrary code.
The links panel shows links in all frames on the current
page, including links with JavaScript URLs. When a page is
held in a frame, the script is incorrectly executed on the
outermost page, not the page where the URL was located.
This can be used to execute scripts in the context of an
unrelated frame, which allows cross-site scripting.
Discovery 2008-11-03 Entry 2008-11-03 Modified 2010-05-02 opera
linux-opera
< 9.62
CVE-2008-4794
http://www.opera.com/support/search/view/906/
http://www.opera.com/support/search/view/907/
|
ea0f45e2-6c4b-11e2-98d9-003067c2616f | opera -- execution of arbitrary code
Opera reports:
Particular DOM event manipulations can cause Opera to crash. In
some cases, this crash might occur in a way that allows execution
of arbitrary code. To inject code, additional techniques would
have to be employed.
Discovery 2013-01-30 Entry 2013-02-01 opera
opera-devel
linux-opera
linux-opera-devel
< 12.13
http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
|
e666498a-852a-11e0-8f78-080027ef73ec | Opera -- code injection vulnerability through broken frameset handling
Opera Software ASA reports:
Fixed an issue with framesets that could allow execution of
arbitrary code, as reported by an anonymous contributor working
with the SecuriTeam Secure Disclosure program.
Discovery 2011-05-18 Entry 2011-05-23 opera
< 11.11
opera-devel
< 11.11
linux-opera
< 11.11
http://www.opera.com/docs/changelogs/unix/1111/
http://www.opera.com/support/kb/view/992/
|
cebed39d-9e6f-11e2-b3f5-003067c2616f | opera -- moderately severe issue
Opera reports:
Fixed a moderately severe issue, as reported by Attila Suszte.
Discovery 2013-04-04 Entry 2014-04-30 opera
< 12.15
opera-devel
< 12.15
linux-opera
< 12.15
linux-opera-devel
< 12.15
http://www.opera.com/docs/changelogs/unified/1215/
http://www.opera.com/support/kb/view/1046/
http://www.opera.com/support/kb/view/1047/
|
2eda0c54-34ab-11e0-8103-00215c6a37bb | opera -- multiple vulnerabilities
Opera reports:
Opera 11.01 is a recommended upgrade offering security and
stability enhancements.
The following security vulnerabilities have been fixed:
- Removed support for "javascript:" URLs in
CSS -o-link values, to make it easier for sites to filter
untrusted CSS.
- Fixed an issue where large form inputs could allow
execution of arbitrary code, as reported by Jordi Chancel;
see our advisory.
- Fixed an issue which made it possible to carry out
clickjacking attacks against internal opera: URLs;
see our advisory.
- Fixed issues which allowed web pages to gain limited
access to files on the user's computer; see our
advisory.
- Fixed an issue where email passwords were not immediately
deleted when deleting private data; see our
advisory.
Discovery 2011-01-26 Entry 2011-02-10 opera
opera-devel
linux-opera
< 11.01
CVE-2011-0450
CVE-2011-0681
CVE-2011-0682
CVE-2011-0683
CVE-2011-0684
CVE-2011-0685
CVE-2011-0686
CVE-2011-0687
http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://secunia.com/advisories/43023
|
4582948a-9716-11de-83a5-001999392805 | opera -- multiple vulnerabilities
Opera Team Reports:
- Issue where sites using revoked intermediate certificates might be shown as secure
- Issue where the collapsed address bar didn't show the current domain
- Issue where pages could trick users into uploading files
- Some IDNA characters not correctly displaying in the address bar
- Issue where Opera accepts nulls and invalid wild-cards in certificates
Discovery 2009-09-01 Entry 2009-09-04 Modified 2009-10-29 opera
< 10.00.20090830
opera-devel
le 10.00.b3_1,1
linux-opera
< 10.00
http://www.opera.com/support/search/view/929/
http://www.opera.com/support/search/view/930/
http://www.opera.com/support/search/view/931/
http://www.opera.com/support/search/view/932/
http://www.opera.com/support/search/view/934/
|
77b9f9bc-7fdf-11df-8a8d-0008743bf21a | opera -- Data URIs can be used to allow cross-site scripting
The Opera Desktop Team reports:
Data URIs are allowed to run scripts that manipulate
pages from the site that directly opened them. In some cases, the opening site
is not correctly detected. In these cases, Data URIs may erroneously be able to
run scripts so that they interact with sites that did not directly cause them to
be opened.
Discovery 2010-06-21 Entry 2010-06-25 opera
< 10.11
opera-devel
le 10.20_2,1
http://www.opera.com/support/kb/view/955/
|
6431c4db-deb4-11de-9078-0030843d3802 | opera -- multiple vulnerabilities
Opera Team reports:
- Fixed a heap buffer overflow in string to number conversion
- Fixed an issue where error messages could leak onto unrelated
sites
- Fixed a moderately severe issue, as reported by Chris Evans of
the Google Security Team; details will be disclosed at a later
date.
Discovery 2009-11-23 Entry 2009-12-01 Modified 2010-05-02 opera
< 10.10.20091120
linux-opera
< 10.10
CVE-2009-0689
CVE-2009-4071
http://www.opera.com/support/kb/view/941/
http://www.opera.com/support/kb/view/942/
|
0925716f-34e2-11e2-aa75-003067c2616f | opera -- execution of arbitrary code
Opera reports:
When requesting pages using HTTP, Opera temporarily stores the
response in a buffer. In some cases, Opera may incorrectly allocate
too little space for a buffer, and may then store too much of the
response in that buffer. This causes a buffer overflow, which in
turn can lead to a memory corruption and crash. It is possible to
use this crash to execute the overflowing data as code, which may
be controlled by an attacking site.
Discovery 2012-11-19 Entry 2012-11-22 Modified 2014-04-30 opera
< 12.11
opera-devel
< 12.11
linux-opera
< 12.11
linux-opera-devel
< 12.11
http://www.opera.com/support/kb/view/1036/
|
f5c4d7f7-9f4b-11dd-bab1-001999392805 | opera -- multiple vulnerabilities
Opera reports:
Certain constructs are not escaped correctly by Opera's
History Search results. These can be used to inject scripts
into the page, which can then be used to look through the user's
browsing history, including the contents of the pages they have
visited. These may contain sensitive information.
If a link that uses a JavaScript URL triggers Opera's Fast
Forward feature, when the user activates Fast Forward, the
script should run on the current page. When a page is held in a
frame, the script is incorrectly executed on the outermost page,
not the page where the URL was located. This can be used to
execute scripts in the context of an unrelated frame, which
allows cross-site scripting.
When Opera is previewing a news feed, some scripts are not
correctly blocked. These scripts are able to subscribe the user
to any feed URL that the attacker chooses, and can also view
the contents of any feeds that the user is subscribed to.
These may contain sensitive information.
Discovery 2008-10-17 Entry 2008-10-28 Modified 2010-05-02 opera
linux-opera
< 9.61
CVE-2008-4697
CVE-2008-4698
CVE-2008-4725
http://www.opera.com/support/search/view/903/
http://www.opera.com/support/search/view/904/
http://www.opera.com/support/search/view/905/
|
71273c4d-a6ec-11df-8a8d-0008743bf21a | opera -- multiple vulnerabilities
The Opera Desktop Team reports:
- Fixed an issue where heap buffer overflow in HTML5 canvas could
be used to execute arbitrary code, as reported by Kuzzcc.
- Fixed an issue where unexpected changes in tab focus could be
used to run programs from the Internet, as reported by Jakob Balle
and Sven Krewitt of Secunia.
- Fixed an issue where news feed preview could subscribe to feeds
without interaction, as reported by Alexios Fakos.
Discovery 2010-08-12 Entry 2010-08-13 opera
< 10.61
http://www.opera.com/support/search/view/966/
http://www.opera.com/support/search/view/967/
http://www.opera.com/support/search/view/968/
|
aab187d4-e0f3-11df-b1ea-001999392805 | opera -- multiple vulnerabilities
The Opera Desktop Team reports:
- Fixed an issue that allowed cross-domain checks to be bypassed,
allowing limited data theft using CSS, as reported by Isaac
Dawson.
- Fixed an issue where manipulating the window could be used to
spoof the page address.
- Fixed an issue with reloads and redirects that could allow
spoofing and cross-site scripting.
- Fixed an issue that allowed private video streams to be
intercepted, as reported by Nirankush Panchbhai of Microsoft
Vulnerability Research.
- Fixed an issue that caused JavaScript to run in the wrong
security context after manual interaction.
Discovery 2010-10-12 Entry 2010-10-26 opera
< 10.63
http://www.opera.com/support/kb/view/971/
http://www.opera.com/support/kb/view/972/
http://www.opera.com/support/kb/view/973/
http://www.opera.com/support/kb/view/974/
http://www.opera.com/support/kb/view/976/
|
85f33a8d-492f-11e2-aa75-003067c2616f | opera -- execution of arbitrary code
Opera reports:
When loading GIF images into memory, Opera should allocate the
correct amount of memory to store that image. Specially crafted
image files can cause Opera to allocate the wrong amount of memory.
Subsequent data may then overwrite unrelated memory with
attacker-controlled data. This can lead to a crash, which may also
execute that data as code.
Discovery 2012-12-18 Entry 2012-12-18 Modified 2014-04-30 opera
< 12.12
opera-devel
< 12.12
linux-opera
< 12.12
linux-opera-devel
< 12.12
http://www.opera.com/support/kb/view/1038/
http://www.opera.com/support/kb/view/1039/
|
2fda6bd2-c53c-11de-b157-001999392805 | opera -- multiple vulnerabilities
Opera Team Reports:
- Fixed an issue where certain domain names could allow execution
of arbitrary code, as reported by Chris Weber of Casaba Security
- Fixed an issue where scripts can run on the feed subscription
page, as reported by Inferno
Discovery 2009-10-28 Entry 2009-10-31 Modified 2010-05-02 opera
< 10.01.20091019
linux-opera
< 10.01
CVE-2009-3831
http://www.opera.com/support/kb/view/938/
http://www.opera.com/support/kb/view/939/
|
fb84d5dd-9528-11dd-9a00-001999392805 | opera -- multiple vulnerabilities
Opera reports:
If a malicious page redirects Opera to a specially crafted
address (URL), it can cause Opera to crash. Given sufficient
address content, the crash could cause execution of code
controlled by the attacking page.
Once a Java applet has been cached, if a page can predict the
cache path for that applet, it can load the applet from the
cache, causing it to run in the context of the local machine.
This allows it to read other cache files on the computer or
perform other normally more restrictive actions. These files
could contain sensitive information, which could then be sent
to the attacker.
Discovery 2008-10-04 Entry 2008-10-10 Modified 2010-05-12 opera
linux-opera
< 9.60
CVE-2008-4695
CVE-2008-4694
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/
|
8c5205b4-11a0-11de-a964-0030843d3802 | opera -- multiple vulnerabilities
Opera Team reports:
An unspecified error in the processing of JPEG images can be
exploited to trigger a memory corruption.
An error can be exploited to execute arbitrary script code in a
different domain via unspecified plugins.
An unspecified error has a "moderately severe" impact. No further
information is available.
Discovery 2009-03-15 Entry 2009-03-15 Modified 2010-05-02 opera
linux-opera
< 9.64
CVE-2009-0914
CVE-2009-0915
http://www.opera.com/docs/changelogs/freebsd/964/
http://secunia.com/advisories/34135/
|