cbcvebase.

Opera Browser vulnerabilities

274 known vulnerabilities affecting opera/opera_browser.

Total CVEs
274
CISA KEV
0
Public exploits
26
Exploited in wild
2
Severity breakdown
CRITICAL43HIGH23MEDIUM196LOW12

Vulnerabilities

Page 6 of 14
CVE-2007-3142P4MEDIUMCVSS 5.8v9.212007-06-11
CVE-2007-3142 [MEDIUM] CVE-2007-3142: Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and p Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
nvd
CVE-2005-0456P4MEDIUMCVSS 5.0≤ 7.542005-01-12
CVE-2005-0456 [MEDIUM] CVE-2005-0456: Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) U Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.
nvd
CVE-2004-1157P4HIGHCVSS 7.5≥ 7.0, ≤ 7.542005-01-10
CVE-2004-1157 [HIGH] CWE-74 CVE-2004-1157: Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web si Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
nvd
CVE-2012-1926P4MEDIUMCVSS 5.0≤ 11.61v5.0+78 more2012-03-28
CVE-2012-1926 [MEDIUM] CWE-200 CVE-2012-1926: Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.push Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.
nvd
CVE-2012-6462P4MEDIUMCVSS 5.0≤ 12.10v1.00+105 more2013-01-02
CVE-2012-6462 [MEDIUM] CWE-264 CVE-2012-6462: Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specificatio Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
nvd
CVE-2012-6471P4MEDIUMCVSS 5.0≤ 12.11v1.00+106 more2013-01-02
CVE-2012-6471 [MEDIUM] CVE-2012-6471: Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP reques Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
nvd
CVE-2009-2063P4MEDIUMCVSS 6.8≤ 9.24v1.00+62 more2009-06-15
CVE-2009-2063 [MEDIUM] CWE-287 CVE-2009-2063: Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
nvd
CVE-2009-2067P4MEDIUMCVSS 6.8≤ 9.22v7.0+19 more2009-06-15
CVE-2009-2067 [MEDIUM] CWE-287 CVE-2009-2067: Opera detects http content in https web pages only when the top-level frame uses https, which allows Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
nvd
CVE-2016-4075P4MEDIUMCVSS 6.1v36.02017-04-21
CVE-2016-4075 [MEDIUM] CWE-601 CVE-2016-4075: Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HT Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
nvd
CVE-2004-0717P4HIGHCVSS 7.5v7.50v7.512004-07-27
CVE-2004-0717 [HIGH] CVE-2004-0717: Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injec Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
nvd
CVE-2009-3049P4MEDIUMCVSS 5.0≤ 10.00v7.0+23 more2009-09-02
CVE-2009-3049 [MEDIUM] CVE-2009-3049: Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.
nvd
CVE-2005-1139P4HIGHCVSS 7.5v8.02005-04-14
CVE-2005-1139 [HIGH] CVE-2005-1139: Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.
nvd
CVE-2009-3832P4MEDIUMCVSS 5.8fixed in 10.012009-10-30
CVE-2009-3832 [MEDIUM] CWE-601 CVE-2009-3832: Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
nvd
CVE-2016-6908P4MEDIUMCVSS 6.1v37.0.2192.1050882017-01-26
CVE-2016-6908 [MEDIUM] CWE-601 CVE-2016-6908: Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It w
nvd
CVE-2007-2022P4MEDIUMCVSS 6.8v5.0v5.02+42 more2007-04-13
CVE-2007-2022 [MEDIUM] CWE-200 CVE-2007-2022: Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613 Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.
nvd
CVE-2005-2405P4MEDIUMCVSS 5.0v8.012005-08-01
CVE-2005-2405 [MEDIUM] CWE-20 CVE-2005-2405: Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle e Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
nvd
CVE-2012-1251P4MEDIUMCVSS 5.8≤ 9.62v1.00+71 more2012-06-04
CVE-2012-1251 [MEDIUM] CWE-310 CVE-2012-1251: Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in- Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2008-4195P4MEDIUMCVSS 5.0≤ 9.51v5.0+52 more2008-09-27
CVE-2008-4195 [MEDIUM] CWE-264 CVE-2008-4195: Opera before 9.52 does not properly restrict the ability of a framed web page to change the address Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.
nvd
CVE-2012-6466P4MEDIUMCVSS 5.0≤ 12.10v1.00+105 more2013-01-02
CVE-2012-6466 [MEDIUM] CWE-200 CVE-2012-6466: Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
nvd
CVE-2009-3045P4MEDIUMCVSS 5.0≤ 10.00v7.0+23 more2009-09-02
CVE-2009-3045 [MEDIUM] CWE-310 CVE-2009-3045: Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easi Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
nvd
Opera Browser vulnerabilities | cvebase