Opera Browser vulnerabilities
274 known vulnerabilities affecting opera/opera_browser.
Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12
Vulnerabilities
Page 12 of 14
CVE-2012-3565P4MEDIUMCVSS 5.0≤ 11.65v5.0+81 more2012-06-14
CVE-2012-3565 [MEDIUM] CVE-2012-3565: Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests."
nvd
CVE-2008-1082P4MEDIUMCVSS 4.3≤ 9.25v1.00+63 more2008-02-29
CVE-2008-1082 [MEDIUM] CWE-79 CVE-2008-1082: Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site sc
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.
nvd
CVE-2010-3021P4MEDIUMCVSS 4.3≤ 10.60v1.00+85 more2010-08-16
CVE-2010-3021 [MEDIUM] CWE-399 CVE-2010-3021: Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service
Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image.
nvd
CVE-2009-2351P4MEDIUMCVSS 4.3≤ 9.52v7.0+22 more2009-07-07
CVE-2009-2351 [MEDIUM] CVE-2009-2351: Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which a
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1
nvd
CVE-2010-2455P4MEDIUMCVSS 4.3v5.0v5.02+65 more2010-06-25
CVE-2010-2455 [MEDIUM] CVE-2010-2455: Opera does not properly manage the address bar between the request to open a URL and the retrieval o
Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.
nvd
CVE-2008-5682P4MEDIUMCVSS 4.3≤ 9.62v1.00+71 more2008-12-19
CVE-2008-5682 [MEDIUM] CWE-79 CVE-2008-5682: Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbi
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.
nvd
CVE-2005-4210P4MEDIUMCVSS 5.0fixed in 8.512005-12-13
CVE-2005-4210 [MEDIUM] CVE-2005-4210: Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote a
Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title.
nvd
CVE-2005-3946P4MEDIUMCVSS 5.0v8.502005-12-01
CVE-2005-3946 [MEDIUM] CWE-20 CVE-2005-3946: Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a lar
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class.
nvd
CVE-2006-3945P4MEDIUMCVSS 5.0v9.02006-07-31
CVE-2006-3945 [MEDIUM] CWE-787 CVE-2006-3945: The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of serv
The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.
nvd
CVE-2011-0686P4MEDIUMCVSS 5.0≤ 11.00v5.0+72 more2011-01-31
CVE-2011-0686 [MEDIUM] CVE-2011-0686: Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
nvd
CVE-2011-4685P4MEDIUMCVSS 5.0≤ 11.60v5.0+77 more2011-12-07
CVE-2011-4685 [MEDIUM] CWE-20 CVE-2011-4685: Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application cr
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
nvd
CVE-2011-2613P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2613 [MEDIUM] CWE-399 CVE-2011-2613: The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of s
The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.
nvd
CVE-2011-2612P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2612 [MEDIUM] CVE-2011-2612: Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.
nvd
CVE-2011-2638P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2638 [MEDIUM] CVE-2011-2638: Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.
nvd
CVE-2011-2637P4MEDIUMCVSS 5.0≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2637 [MEDIUM] CVE-2011-2637: Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.
nvd
CVE-2011-2627P4MEDIUMCVSS 5.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2627 [MEDIUM] CVE-2011-2627: Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to
Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.
nvd
CVE-2012-3568P4MEDIUMCVSS 5.0≤ 11.65v5.0+81 more2012-06-14
CVE-2012-3568 [MEDIUM] CVE-2012-3568: Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo.
nvd
CVE-2003-1420P4MEDIUMCVSS 4.3≥ 6.0, < 7.022003-12-31
CVE-2003-1420 [MEDIUM] CWE-79 CVE-2003-1420: Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disable
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
nvd
CVE-2010-2663P4MEDIUMCVSS 4.3≤ 10.60v5.0+68 more2010-07-08
CVE-2010-2663 [MEDIUM] CVE-2010-2663: Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an en
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.
nvd
CVE-2009-3013P4MEDIUMCVSS 4.3≤ 9.52v7.0+22 more2009-08-31
CVE-2009-3013 [MEDIUM] CWE-79 CVE-2009-3013: Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location
Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI w
nvd