Opera Browser vulnerabilities
274 known vulnerabilities affecting opera/opera_browser.
Total CVEs: 274
CISA KEV: 0
Public exploits: 26
Exploited in wild: 2
Severity breakdown
CRITICAL 43 | HIGH 23 | MEDIUM 196 | LOW 12
Vulnerabilities
Page 5 of 14
CVE-2007-1737 | P4 | HIGH | CVSS 7.5 | v9.10 | 2007-03-28
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
nvd
CVE-2008-1081 | P4 | MEDIUM | CVSS 6.8 | CWE-94 | ≤ 9.25, v1.00 +63 more | 2008-02-29
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
nvd
CVE-2012-1929 | P4 | MEDIUM | CVSS 6.4 | CWE-20 | ≤ 11.61, v5.0 +76 more | 2012-03-28
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.
nvd
CVE-2007-6524 | P4 | HIGH | CVSS 7.8 | CWE-200 | ≤ 9.24, v5.0 +47 more | 2007-12-24
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.
nvd
CVE-2009-3046 | P4 | HIGH | CVSS 7.5 | CWE-295 | fixed in 10.00 | 2009-09-02
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.
nvd
CVE-2008-4200 | P4 | MEDIUM | CVSS 6.4 | CWE-20 | ≤ 9.51, v5.0 +52 more | 2008-09-27
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.
nvd
CVE-2007-6523 | P4 | HIGH | CVSS 7.8 | CWE-189 | v9.0, v9.01 +9 more | 2007-12-24
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
nvd
CVE-2008-1080 | P4 | MEDIUM | CVSS 6.8 | CWE-20 | ≤ 9.25, v1.00 +63 more | 2008-02-29
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.
nvd
CVE-2007-0802 | P4 | MEDIUM | CVSS 6.4 | CWE-20 | v9.10 | 2007-02-07
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
nvd
CVE-2013-1639 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | ≤ 12.12, v12.00 +4 more | 2013-02-08
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
nvd
CVE-2003-0593 | P4 | HIGH | CVSS 7.5 | CWE-22 | v5.0, v5.02 +21 more | 2004-04-15
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
nvd
CVE-2010-4582 | P4 | MEDIUM | CVSS 5.0 | CWE-264 | ≤ 11.00, v5.0 +71 more | 2010-12-22
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
nvd
CVE-2011-2634 | P4 | MEDIUM | CVSS 5.0 | CWE-20 | ≤ 11.10, v5.0 +74 more | 2011-07-01
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.
nvd
CVE-2010-3020 | P4 | MEDIUM | CVSS 5.0 | CWE-264 | ≤ 10.60, v1.00 +85 more | 2010-08-16
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.
nvd
CVE-2009-0915 | P4 | MEDIUM | CVSS 6.8 | CWE-79 | fixed in 9.64 | 2009-03-16
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
nvd
CVE-2009-2059 | P4 | MEDIUM | CVSS 6.8 | CWE-287 | ≤ 9.22, v7.0 +19 more | 2009-06-15
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
nvd
CVE-2011-1824 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 10.60, v5.0 +68 more | 2011-05-10
The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attrib
nvd
CVE-2005-3059 | P4 | CRITICAL | CVSS 10.0 | v8.50 | 2005-09-26
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) "handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding."
nvd
CVE-2011-4681 | P4 | MEDIUM | CVSS 5.0 | CWE-264 | ≤ 11.60, v5.0 +77 more | 2011-12-07
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.
nvd
CVE-2012-6460 | P4 | MEDIUM | CVSS 5.0 | ≤ 11.66, v1.00 +103 more | 2013-01-02
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site.
nvd