Opera Browser vulnerabilities
274 known vulnerabilities affecting opera/opera_browser.
Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12
Vulnerabilities
Page 13 of 14
CVE-2007-6520P4MEDIUMCVSS 4.3≤ 9.24v1.00+62 more2007-12-24
CVE-2007-6520 [MEDIUM] CWE-79 CVE-2007-6520: Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vect
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
nvd
CVE-2007-5276P4MEDIUMCVSS 4.3v9.02007-10-08
CVE-2007-5276 [MEDIUM] CVE-2007-5276: Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier fo
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
nvd
CVE-2012-1931P4MEDIUMCVSS 4.6≤ 11.61v5.0+76 more2012-03-28
CVE-2012-1931 [MEDIUM] CWE-264 CVE-2012-1931: Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allow
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing.
nvd
CVE-2014-0815P4MEDIUMCVSS 4.3≤ 17.00v1.00+40 more2014-02-06
CVE-2014-0815 [MEDIUM] CWE-200 CVE-2014-0815: The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.
nvd
CVE-2004-1810P4MEDIUMCVSS 5.0≤ 7.232004-12-31
CVE-2004-1810 [MEDIUM] CVE-2004-1810: The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by
The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array.
nvd
CVE-2004-1489P4LOWCVSS 2.6≤ 7.542004-12-31
CVE-2004-1489 [LOW] CWE-668 CVE-2004-1489: Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
nvd
CVE-2011-0687P4MEDIUMCVSS 4.3≤ 11.00v5.0+72 more2011-01-31
CVE-2011-0687 [MEDIUM] CWE-20 CVE-2011-0687: Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, w
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.
nvd
CVE-2005-2406P4MEDIUMCVSS 4.3v8.012005-08-01
CVE-2005-2406 [MEDIUM] CWE-79 CVE-2005-2406: Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which fil
Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI.
nvd
CVE-2010-4049P4MEDIUMCVSS 4.3≤ 10.62v5.0+69 more2010-10-21
CVE-2010-4049 [MEDIUM] CWE-20 CVE-2010-4049: Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Fl
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.
nvd
CVE-2011-2624P4MEDIUMCVSS 4.3≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2624 [MEDIUM] CWE-399 CVE-2011-2624: Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application h
Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.
nvd
CVE-2010-2664P4MEDIUMCVSS 4.3≤ 10.60v5.0+68 more2010-07-08
CVE-2010-2664 [MEDIUM] CVE-2010-2664: Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certa
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.
nvd
CVE-2008-4697P4MEDIUMCVSS 4.3≤ 9.60v5.0+55 more2008-10-23
CVE-2008-4697 [MEDIUM] CWE-79 CVE-2008-4697: The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascr
The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
nvd
CVE-2011-2630P4MEDIUMCVSS 4.3≤ 11.10v5.0+74 more2011-07-01
CVE-2011-2630 [MEDIUM] CWE-20 CVE-2011-2630: Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application c
Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.
nvd
CVE-2012-6472P4MEDIUMCVSS 4.6≤ 12.11v1.00+106 more2013-01-02
CVE-2012-6472 [MEDIUM] CWE-264 CVE-2012-6472: Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.
nvd
CVE-2010-4047P4MEDIUMCVSS 4.3≤ 10.62v5.0+69 more2010-10-21
CVE-2010-4047 [MEDIUM] CWE-79 CVE-2010-4047: Opera before 10.63 does not properly select the security context of JavaScript code associated with
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
nvd
CVE-2007-1115P4MEDIUMCVSS 4.3v9.0v9.01+4 more2007-02-26
CVE-2007-1115 [MEDIUM] CWE-79 CVE-2007-1115: The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a ch
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
nvd
CVE-2010-2121P4MEDIUMCVSS 4.3v9.522010-06-01
CVE-2010-2121 [MEDIUM] CWE-399 CVE-2010-2121: Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScrip
Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.
nvd
CVE-2010-5068P4MEDIUMCVSS 4.3v10.502011-12-07
CVE-2010-5068 [MEDIUM] CVE-2010-5068: The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited
The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
nvd
CVE-2012-3566P4MEDIUMCVSS 4.3≤ 11.65v5.0+81 more2012-06-14
CVE-2012-3566 [MEDIUM] CVE-2012-3566: Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (applicat
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.
nvd
CVE-2004-1201P4MEDIUMCVSS 5.0≤ 7.542005-01-10
CVE-2004-1201 [MEDIUM] CWE-400 CVE-2004-1201: Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhau
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
nvd