Opera Browser vulnerabilities
274 known vulnerabilities affecting opera/opera_browser.
Total CVEs: 274
CISA KEV: 0
Public exploits: 26
Exploited in wild: 1
Severity breakdown: CRITICAL 43, HIGH 23, MEDIUM 196, LOW 12
Vulnerabilities
CVE-2009-3049 | MEDIUM | CVSS 5.0 | ≤ 10.00 | v7.0 +23 more | 2009-09-02
Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.
nvd
CVE-2009-3044 | MEDIUM | CVSS 5.0 | CWE-310 | ≤ 10.00 | v1.00 +70 more | 2009-09-02
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
nvd
CVE-2009-3045 | MEDIUM | CVSS 5.0 | CWE-310 | ≤ 10.00 | v7.0 +23 more | 2009-09-02
Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
nvd
CVE-2009-3013 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 9.52 | v7.0 +22 more | 2009-08-31
Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI w
nvd
CVE-2009-2577 | MEDIUM | CVSS 5.0 | ≤ 9.52 | v7.0 +21 more | 2009-07-22
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
nvd
CVE-2009-2540 | MEDIUM | CVSS 4.3 | ≤ 9.64 | 2009-07-20
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
nvd
CVE-2009-2351 | MEDIUM | CVSS 4.3 | ≤ 9.52 | v7.0 +22 more | 2009-07-07
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1
nvd
CVE-2009-2063 | MEDIUM | CVSS 6.8 | CWE-287 | ≤ 9.24 | v1.00 +62 more | 2009-06-15
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
nvd
CVE-2009-2067 | MEDIUM | CVSS 6.8 | CWE-287 | ≤ 9.22 | v7.0 +19 more | 2009-06-15
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
nvd
CVE-2009-2059 | MEDIUM | CVSS 6.8 | CWE-287 | ≤ 9.22 | v7.0 +19 more | 2009-06-15
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
nvd
CVE-2009-1234 | MEDIUM | CVSS 4.3 | CWE-20 | PoC | v9.52 | v9.64 | 2009-04-02
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
nvd
CVE-2009-0916 | CRITICAL | CVSS 10.0 | ≤ 9.63 | v1.00 +72 more | 2009-03-16
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
nvd
CVE-2009-0914 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 9.63 | v1.00 +72 more | 2009-03-16
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
nvd
CVE-2009-0915 | MEDIUM | CVSS 6.8 | CWE-79 | fixed in 9.64 | 2009-03-16
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
nvd
CVE-2008-5680 | CRITICAL | CVSS 9.3 | PoC | ≤ 9.62 | v1.00 +71 more | 2008-12-19
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
nvd
CVE-2008-5683 | HIGH | CVSS 7.8 | CWE-200 | ≤ 9.62 | v1.00 +71 more | 2008-12-19
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
nvd
CVE-2008-5681 | MEDIUM | CVSS 4.3 | ≤ 9.62 | v1.00 +71 more | 2008-12-19
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.
nvd
CVE-2008-5682 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 9.62 | v1.00 +71 more | 2008-12-19
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.
nvd
CVE-2008-4694 | CRITICAL | CVSS 9.3 | CWE-59 | PoC | ≤ 9.60 | v5.0 +54 more | 2008-10-23
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
nvd
CVE-2008-4698 | MEDIUM | CVSS 5.8 | CWE-264 | ≤ 9.60 | v5.0 +55 more | 2008-10-23
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.
nvd