Opera Browser vulnerabilities

CVE-2007-6520 [MEDIUM] CWE-79 CVE-2007-6520: Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vect Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.

CVE-2007-6522 [MEDIUM] CWE-79 CVE-2007-6522: The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-do The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.

CVE-2007-5541 [CRITICAL] CWE-20 CVE-2007-5541: Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.

CVE-2007-5476 [CRITICAL] CVE-2007-5476: Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9 Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

CVE-2007-5540 [HIGH] CWE-20 CVE-2007-5540: Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pag Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.

CVE-2007-5276 [MEDIUM] CVE-2007-5276: Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier fo Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

CVE-2007-4944 [MEDIUM] CVE-2007-4944: The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.

CVE-2007-4367 [CRITICAL] CWE-763 CVE-2007-4367: Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that trig Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."

CVE-2007-3929 [CRITICAL] CWE-416 CVE-2007-3929: Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted rem Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

CVE-2007-3819 [MEDIUM] CVE-2007-3819: Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI w Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

CVE-2007-3142 [MEDIUM] CVE-2007-3142: Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and p Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

CVE-2007-2809 [CRITICAL] CVE-2007-2809: Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.

CVE-2007-2274 [HIGH] CWE-401 CVE-2007-2274: The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.

CVE-2007-2022 [MEDIUM] CWE-200 CVE-2007-2022: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613 Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

CVE-2007-1737 [HIGH] CVE-2007-1737: Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing s Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

CVE-2007-1563 [MEDIUM] CWE-200 CVE-2007-1563: The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to fo The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

CVE-2007-1377 [MEDIUM] CVE-2007-1377: AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remo AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.

CVE-2007-1115 [MEDIUM] CWE-79 CVE-2007-1115: The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a ch The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

CVE-2007-0802 [MEDIUM] CWE-20 CVE-2007-0802: Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by addin Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.

CVE-2006-6970 [MEDIUM] CWE-264 CVE-2006-6970: Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.