Opera Browser vulnerabilities
274 known vulnerabilities affecting opera/opera_browser.
Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12
Vulnerabilities
Page 11 of 14
CVE-2007-6522P4MEDIUMCVSS 4.3≤ 9.24v1.00+62 more2007-12-24
CVE-2007-6522 [MEDIUM] CWE-79 CVE-2007-6522: The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-do
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
nvd
CVE-2008-4196P4MEDIUMCVSS 4.3≤ 9.51v5.0+52 more2008-09-27
CVE-2008-4196 [MEDIUM] CWE-79 CVE-2008-4196: Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbi
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2009-3265P4MEDIUMCVSS 4.3v9.0v10.002009-09-18
CVE-2009-3265 [MEDIUM] CWE-79 CVE-2009-3265: Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitra
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability.
nvd
CVE-2010-2659P4MEDIUMCVSS 4.3≤ 10.50v5.0+68 more2010-07-08
CVE-2010-2659 [MEDIUM] CWE-200 CVE-2010-2659: Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes wi
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.
nvd
CVE-2012-6464P4MEDIUMCVSS 4.3≤ 12.10v1.00+105 more2013-01-02
CVE-2012-6464 [MEDIUM] CWE-79 CVE-2012-6464: Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arb
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.
nvd
CVE-2012-6463P4MEDIUMCVSS 4.3≤ 12.10v1.00+105 more2013-01-02
CVE-2012-6463 [MEDIUM] CWE-79 CVE-2012-6463: Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arb
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.
nvd
CVE-2005-2309P4MEDIUMCVSS 5.0v8.012005-07-19
CVE-2005-2309 [MEDIUM] CWE-400 CVE-2005-2309: Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG
Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg.
nvd
CVE-2005-3007P4LOWCVSS 2.6fixed in 8.502005-09-21
CVE-2005-3007 [LOW] CWE-74 CVE-2005-3007: Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a t
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
nvd
CVE-2004-0872P4MEDIUMCVSS 5.0v7.512004-09-16
CVE-2004-0872 [MEDIUM] CWE-669 CVE-2004-0872: Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent ov
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
nvd
CVE-2011-4686P4MEDIUMCVSS 5.0≤ 11.60v5.0+77 more2011-12-07
CVE-2011-4686 [MEDIUM] CVE-2011-4686: Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote atta
Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
nvd
CVE-2010-1989P4MEDIUMCVSS 5.0v9.522010-05-20
CVE-2010-1989 [MEDIUM] CVE-2010-1989: Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that i
Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181.
nvd
CVE-2011-2625P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2625 [MEDIUM] CWE-399 CVE-2011-2625: Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SE
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.
nvd
CVE-2011-2619P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2619 [MEDIUM] CWE-399 CVE-2011-2619: Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gr
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, related to the implementation of CANVAS elements, SVG, and Cascading Style Sheets (CSS).
nvd
CVE-2011-2614P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2614 [MEDIUM] CWE-399 CVE-2011-2614: The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (a
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.
nvd
CVE-2011-2636P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2636 [MEDIUM] CVE-2011-2636: Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.
nvd
CVE-2011-2622P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2622 [MEDIUM] CVE-2011-2622: Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote atta
Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
nvd
CVE-2005-3041P4MEDIUMCVSS 5.0fixed in 8.502005-09-22
CVE-2005-3041 [MEDIUM] CVE-2005-3041: Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "uninte
Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."
nvd
CVE-2005-0238P4MEDIUMCVSS 5.0≤ 7.542005-05-02
CVE-2005-0238 [MEDIUM] CVE-2005-0238: The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain name
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
nvd
CVE-2011-2633P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2633 [MEDIUM] CVE-2011-2633: Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file.
nvd
CVE-2012-3563P4MEDIUMCVSS 5.0≤ 11.65v5.0+81 more2012-06-14
CVE-2012-3563 [MEDIUM] CVE-2012-3563: Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings.
nvd