Opera Browser vulnerabilities
274 known vulnerabilities affecting opera/opera_browser.
Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12
Vulnerabilities
Page 4 of 14
CVE-2010-2576P3MEDIUMCVSS 6.8≤ 10.60v1.00+85 more2010-08-16
CVE-2010-2576 [MEDIUM] CVE-2010-2576: Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
nvd
CVE-2004-2491P4LOWCVSS 2.6PoC≤ 7.532004-12-31
CVE-2004-2491 [LOW] CWE-362 CVE-2004-2491: A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
nvd
CVE-2008-3078P3HIGHCVSS 7.8≤ 9.50v1.00+67 more2008-07-09
CVE-2008-3078 [HIGH] CWE-200 CVE-2008-3078: Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, wh
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.
nvd
CVE-2005-1475P4HIGHCVSS 7.5fixed in 8.012005-06-16
CVE-2005-1475 [HIGH] CWE-601 CVE-2005-1475: The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access res
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.
nvd
CVE-2009-4072P4CRITICALCVSS 10.0≤ 10.10v7.0+25 more2009-11-24
CVE-2009-4072 [CRITICAL] CVE-2009-4072: Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
nvd
CVE-2011-4683P4CRITICALCVSS 10.0≤ 11.60v5.0+77 more2011-12-07
CVE-2011-4683 [CRITICAL] CVE-2011-4683: Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a
Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."
nvd
CVE-2010-4581P4CRITICALCVSS 10.0≤ 11.00v5.0+71 more2010-12-22
CVE-2010-4581 [CRITICAL] CVE-2010-4581: Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a
Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue."
nvd
CVE-2011-2610P4CRITICALCVSS 10.0≤ 11.50v5.0+76 more2011-07-01
CVE-2011-2610 [CRITICAL] CVE-2011-2610: Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
nvd
CVE-2012-1924P4MEDIUMCVSS 6.8≤ 11.61v5.0+78 more2012-03-28
CVE-2012-1924 [MEDIUM] CWE-94 CVE-2012-1924: Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executi
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.
nvd
CVE-2009-0916P4CRITICALCVSS 10.0≤ 9.63v1.00+72 more2009-03-16
CVE-2009-0916 [CRITICAL] CVE-2009-0916: Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
nvd
CVE-2008-5683P4HIGHCVSS 7.8≤ 9.62v1.00+71 more2008-12-19
CVE-2008-5683 [HIGH] CWE-200 CVE-2008-5683: Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via u
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
nvd
CVE-2003-1388P4CRITICALCVSS 9.3v7.022003-12-31
CVE-2003-1388 [CRITICAL] CWE-120 CVE-2003-1388: Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP requ
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
nvd
CVE-2018-18913P4HIGHCVSS 7.8fixed in 57.0.3098.1062019-03-21
CVE-2018-18913 [HIGH] CWE-426 CVE-2018-18913: Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker ca
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the s
nvd
CVE-2012-1925P4MEDIUMCVSS 6.8≤ 11.61v5.0+78 more2012-03-28
CVE-2012-1925 [MEDIUM] CVE-2012-1925: Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which m
Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.
nvd
CVE-2008-4698P4MEDIUMCVSS 5.8≤ 9.60v5.0+55 more2008-10-23
CVE-2008-4698 [MEDIUM] CWE-264 CVE-2008-4698: Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.
nvd
CVE-2012-4143P4MEDIUMCVSS 6.8≤ 12.00v12.00+26 more2012-08-06
CVE-2012-4143 [MEDIUM] CVE-2012-4143: Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows u
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.
nvd
CVE-2011-4682P4MEDIUMCVSS 6.4≤ 11.60v5.0+77 more2011-12-07
CVE-2011-4682 [MEDIUM] CWE-264 CVE-2011-4682: The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allow
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.
nvd
CVE-2006-4819P4MEDIUMCVSS 5.1v9.0v9.012006-10-17
CVE-2006-4819 [MEDIUM] CWE-119 CVE-2006-4819: Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code v
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).
nvd
CVE-2012-1928P4MEDIUMCVSS 6.4≤ 11.61v5.0+78 more2012-03-28
CVE-2012-1928 [MEDIUM] CWE-20 CVE-2012-1928: Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload fo
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.
nvd
CVE-2012-1927P4MEDIUMCVSS 6.4≤ 11.61v5.0+78 more2012-03-28
CVE-2012-1927 [MEDIUM] CWE-20 CVE-2012-1927: Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.
nvd