Home/Product/opera browser
Product

opera browser

310 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2018-16135
all versions
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a craf
6.5MEDIUM
 CVE-2021-23253
< 53.1
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL
5.3MEDIUM
 CVE-2020-6159
< 61.0.3076.56532
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting
6.1MEDIUM
 CVE-2020-6157
< 2.4.5
Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious pag
4.3MEDIUM
 CVE-2019-12278
all versions
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, d
4.3MEDIUM
 CVE-2019-19788
< 54.0.2669.49432
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service workin
5.5MEDIUM
 CVE-2019-18624
all versions
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right
9.8CRITICAL
 CVE-2019-13607
<= 16.0.14
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a ja
6.1MEDIUM
 CVE-2018-18913
< 57.0.3098.106
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed
7.8HIGH
 CVE-2018-6608
all versions
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such
4.3MEDIUM
 CVE-2016-4075
all versions
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the ab
6.1MEDIUM
 CVE-2016-6908
all versions
Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for An
6.1MEDIUM
 CVE-2016-7153
all versions
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which m
5.3MEDIUM
 CVE-2016-7152
all versions
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which ma
5.3MEDIUM
 CVE-2016-5101
all versions
Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary co
8.8HIGH
 CVE-2015-4000
all versions
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly conv
3.7LOW
 CVE-2014-1870
<= 18.00
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop o
 CVE-2014-0815
<= 17.00
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction err
 CVE-2013-4705
<= 15.00
Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by l
 CVE-2013-3211
<= 12.14
Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."
 CVE-2013-3210
<= 12.14
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensit
 CVE-2013-1618
<= 12.12
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation durin
 CVE-2013-1639
<= 12.12
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF pro
 CVE-2013-1638
<= 12.12
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
 CVE-2013-1637
<= 12.12
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
 CVE-2012-6472
<= 12.11
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive informati
 CVE-2012-6471
<= 12.11
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
 CVE-2012-6470
<= 12.11
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or ca
 CVE-2012-6469
<= 12.10
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in
 CVE-2012-6468
<= 12.10
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (m
 CVE-2012-6467
<= 12.10
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it
 CVE-2012-6466
<= 12.10
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potential
 CVE-2012-6465
<= 12.10
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malfor
 CVE-2012-6464
<= 12.10
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via
 CVE-2012-6463
<= 12.10
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via
 CVE-2012-6462
<= 12.10
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attacke
 CVE-2012-6461
<= 12.10
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigge
 CVE-2012-6460
<= 11.66
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading
 CVE-2012-5180
<= 7.4
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView c
 CVE-2010-5227
<= 10.61
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file
 CVE-2012-4010
<= 11.60
Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerabilit
 CVE-2012-4146
<= 12.00
Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrate
 CVE-2012-4145
<= 12.00
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unkno
 CVE-2012-4144
<= 12.00
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in
 CVE-2012-4143
<= 12.00
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers
 CVE-2012-4142
<= 12.00
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML docume
 CVE-2012-3568
<= 11.65
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as dem
 CVE-2012-3567
<= 11.65
Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAM
 CVE-2012-3566
<= 11.65
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code
 CVE-2012-3565
<= 11.65
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain
 CVE-2012-3564
<= 11.65
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=
 CVE-2012-3563
<= 11.65
Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains inva
 CVE-2012-3562
<= 11.65
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web p
 CVE-2012-3561
<= 11.62
Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or c
 CVE-2012-3560
<= 11.64
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which m
 CVE-2012-3559
<= 12.00
Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity
 CVE-2012-3558
<= 11.64
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to
 CVE-2012-3557
<= 11.62
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain l
 CVE-2012-3556
<= 11.62
Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click acti
 CVE-2012-3555
<= 11.62
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-as
 CVE-2012-1251
<= 9.62
Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof
 CVE-2012-1931
<= 11.61
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arb
 CVE-2012-1930
<= 11.61
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain
 CVE-2012-1929
<= 11.61
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that ca
 CVE-2012-1928
<= 11.61
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a diff
 CVE-2012-1927
<= 11.61
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with
 CVE-2012-1926
<= 11.61
Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceS
 CVE-2012-1925
<= 11.61
Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assist
 CVE-2012-1924
<= 11.61
Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small
 CVE-2012-1003
<= 11.60
Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via
 CVE-2011-4690
<= 11.60
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading at
 CVE-2011-4687
<= 11.60
Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a
 CVE-2011-4686
<= 11.60
Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of ser
 CVE-2011-4685
<= 11.60
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content o
 CVE-2011-4684
<= 11.60
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related
 CVE-2011-4683
<= 11.60
Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."
 CVE-2011-4682
<= 11.60
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass t
 CVE-2011-4681
<= 11.60
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of differ
 CVE-2010-5072
all versions
The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the g
 CVE-2010-5068
all versions
The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows rem
 CVE-2011-3389
all versions
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
 CVE-2011-3388
<= 11.50
Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related t
 CVE-2008-7297
all versions
Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to
 CVE-2011-2641
all versions
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT eleme
 CVE-2011-2640
<= 11.10
Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty
 CVE-2011-2639
<= 11.10
Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service
 CVE-2011-2638
<= 11.10
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unkno
 CVE-2011-2637
<= 11.10
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unkno
 CVE-2011-2636
<= 11.10
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unkno
 CVE-2011-2635
<= 11.10
The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (applic
 CVE-2011-2634
<= 11.10
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.
 CVE-2011-2633
<= 11.10
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vecto
 CVE-2011-2632
<= 11.10
Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial
 CVE-2011-2631
<= 11.10
The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which al
 CVE-2011-2630
<= 11.10
Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page t
 CVE-2011-2629
<= 11.10
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unkno
 CVE-2011-2628
<= 11.10
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause
 CVE-2011-2627
<= 11.50
Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (ap
 CVE-2011-2626
<= 11.50
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the
 CVE-2011-2625
<= 11.50
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains man
 CVE-2011-2624
<= 11.50
Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which
 CVE-2011-2623
<= 11.50
Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of servic
 CVE-2011-2622
<= 11.50
Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of ser
 CVE-2011-2621
<= 11.50
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vecto
 CVE-2011-2620
<= 11.50
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vecto
 CVE-2011-2619
<= 11.50
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, relate
 CVE-2011-2618
<= 11.50
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO
 CVE-2011-2617
<= 11.50
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vecto
 CVE-2011-2616
<= 11.50
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unkn
 CVE-2011-2615
<= 11.50
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknow
 CVE-2011-2614
<= 11.50
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors
 CVE-2011-2613
<= 11.50
The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via
 CVE-2011-2612
<= 11.50
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unkno
 CVE-2011-2611
<= 11.50
Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a den
 CVE-2011-2610
<= 11.50
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
 CVE-2011-2609
<= 11.50
Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripti
 CVE-2011-1337
<= 11.50
Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation
 CVE-2011-1824
<= 10.60
The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribu
 CVE-2011-0687
<= 11.00
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remo
 CVE-2011-0686
<= 11.00
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unkno
 CVE-2011-0685
<= 11.00
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option,
 CVE-2011-0684
<= 11.00
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to
 CVE-2011-0683
<= 11.00
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickj
 CVE-2011-0682
<= 11.00
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of
 CVE-2011-0681
<= 11.00
The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in t
 CVE-2011-0450
<= 11.00
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing applicat
 CVE-2010-4587
<= 11.00
Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it eas
 CVE-2010-4586
<= 11.00
The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack v
 CVE-2010-4585
<= 11.00
Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of serv
 CVE-2010-4584
<= 11.00
Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https
 CVE-2010-4583
<= 11.00
Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote a
 CVE-2010-4582
<= 11.00
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to
 CVE-2010-4581
<= 11.00
Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue."
 CVE-2010-4580
<= 11.00
Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to
 CVE-2010-4579
<= 11.00
Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote at
 CVE-2010-4050
<= 10.62
Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an I
 CVE-2010-4049
<= 10.62
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent W
 CVE-2010-4048
<= 10.62
Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect
 CVE-2010-4047
<= 10.62
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows us
 CVE-2010-4046
<= 10.62
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive informa
 CVE-2010-4045
<= 10.62
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allow
 CVE-2010-4044
<= 10.62
Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which all
 CVE-2010-4043
<= 10.62
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS to
 CVE-2010-3021
<= 10.60
Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and applicat
 CVE-2010-3020
<= 10.60
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subsc
 CVE-2010-3019
<= 10.60
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (a
 CVE-2010-2576
<= 10.60
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allo
 CVE-2010-2666
<= 10.53
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and dire
 CVE-2010-2665
<= 10.53
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows
 CVE-2010-2664
<= 10.60
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an un
 CVE-2010-2663
<= 10.60
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes
 CVE-2010-2662
<= 10.60
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."
 CVE-2010-2661
<= 10.53
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full path
 CVE-2010-2660
<= 10.53
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homogra
 CVE-2010-2659
<= 10.60
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to
 CVE-2010-2658
<= 10.60
Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows u
 CVE-2010-2657
< 10.60
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program locate
 CVE-2010-2455
all versions
Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content,
 CVE-2010-2421
<= 10.53
Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe
 CVE-2010-2121
all versions
Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite
 CVE-2010-1993
all versions
Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to ca
 CVE-2010-1989
all versions
Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL,
 CVE-2010-1728
<= 10.52
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously,
 CVE-2010-1349
all versions
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value,
 CVE-2010-1310
all versions
Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cache
 CVE-2010-0653
all versions
Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type an
 CVE-2009-4072
<= 10.10
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
 CVE-2009-4071
<= 10.10
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that ca
 CVE-2009-3832
< 10.01
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote
 CVE-2009-3831
< 10.01
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati
 CVE-2009-3269
<= 9.52
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submission
 CVE-2009-3266
all versions
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-s
 CVE-2009-3265
all versions
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1
 CVE-2008-7245
<= 9.52
Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print functio
 CVE-2009-3049
<= 10.00
Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allo
 CVE-2009-3048
<= 10.00
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows re
 CVE-2009-3047
<= 10.00
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited sit
 CVE-2009-3046
< 10.00
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers
7.5HIGH
 CVE-2009-3045
<= 10.00
Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attac
 CVE-2009-3044
<= 10.00
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject
 CVE-2009-3013
<= 9.52
Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, whi
 CVE-2009-2577
<= 9.52
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via
 CVE-2009-2540
<= 9.64
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer va
 CVE-2009-2351
<= 9.52
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to cond
 CVE-2009-2070
all versions
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in
 CVE-2009-2068
all versions
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle att
 CVE-2009-2067
<= 9.22
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers t
 CVE-2009-2063
<= 9.24
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-midd
 CVE-2009-2059
<= 9.22
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CON
 CVE-2009-1599
all versions
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in a
 CVE-2009-1234
all versions
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series o
 CVE-2009-0916
<= 9.63
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
 CVE-2009-0915
< 9.64
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
 CVE-2009-0914
<= 9.63
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
 CVE-2008-5683
<= 9.62
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
 CVE-2008-5682
<= 9.62
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via b
 CVE-2008-5681
<= 9.62
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existi
 CVE-2008-5680
<= 9.62
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area,
 CVE-2008-5679
all versions
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger
 CVE-2008-5428
all versions
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail
 CVE-2008-5178
all versions
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOT
 CVE-2008-4795
<= 9.61
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remo
 CVE-2008-4794
<= 9.61
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerabi
 CVE-2008-4725
all versions
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML
 CVE-2008-4698
<= 9.60
Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary
 CVE-2008-4697
<= 9.60
The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the
 CVE-2008-4696
all versions
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script
 CVE-2008-4695
<= 9.60
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cach
 CVE-2008-4694
<= 9.60
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute
 CVE-2008-4293
<= 9.51
Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause
 CVE-2008-4292
<= 9.51
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and a
 CVE-2008-4200
<= 9.51
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote atta
 CVE-2008-4199
<= 9.51
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote at
 CVE-2008-4198
<= 9.51
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a se
 CVE-2008-4197
< 9.52
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument
8.8HIGH
 CVE-2008-4196
<= 9.51
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via u
 CVE-2008-4195
<= 9.51
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different fr
 CVE-2008-3172
all versions
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could a
 CVE-2008-3079
<= 9.51
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
 CVE-2008-3078
<= 9.50
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to
 CVE-2008-2716
< 9.5
Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent p
 CVE-2008-2715
<= 9.50
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that us
 CVE-2008-2714
<= 9.25
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page addre
 CVE-2008-1764
<= 9.26
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inp
 CVE-2008-1762
<= 9.26
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted s
 CVE-2008-1761
<= 9.26
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted n
 CVE-2008-1082
<= 9.25
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via craf
 CVE-2008-1081
<= 9.25
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which
 CVE-2008-1080
<= 9.25
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of t
 CVE-2007-6524
<= 9.24
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demo
 CVE-2007-6523
all versions
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (
 CVE-2007-6522
<= 9.24
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by usin
 CVE-2007-6521
<= 9.24
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
 CVE-2007-6520
<= 9.24
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
 CVE-2007-5541
<= 9.23
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to ex
 CVE-2007-5540
<= 9.23
Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypa
 CVE-2007-5476
<= 9.23
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "
 CVE-2007-5276
all versions
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct
 CVE-2007-4944
all versions
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it t
 CVE-2007-4367
< 9.23
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call
 CVE-2007-3929
< 9.22
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbit
 CVE-2007-3819
all versions
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which
 CVE-2007-3142
all versions
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attac
 CVE-2007-2809
< 9.21
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrar
 CVE-2007-2274
all versions
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application c
 CVE-2007-2022
all versions
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to o
 CVE-2007-1737
all versions
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows re
 CVE-2007-1563
all versions
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to o
 CVE-2007-1377
all versions
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial
 CVE-2007-1115
all versions
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an H
 CVE-2007-0802
all versions
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the en
 CVE-2006-6970
all versions
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a dom
 CVE-2006-6955
all versions
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nest
 CVE-2007-0127
<= 9.02
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request,
 CVE-2007-0126
all versions
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number
 CVE-2006-4819
all versions
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long l
 CVE-2006-3945
all versions
The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the bac
 CVE-2006-3353
< 9.01
Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory
 CVE-2006-3331
< 9.0
Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows
 CVE-2006-3199
all versions
Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a l
 CVE-2006-3198
<= 8.5.4
Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height an
 CVE-2006-1834
<= 8.53
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet at
 CVE-2005-4718
<= 8.02
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "con
 CVE-2005-4210
< 8.51
Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of
 CVE-2005-3946
all versions
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the remo
 CVE-2005-3750
< 8.51
Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks)
 CVE-2005-3699
all versions
Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image
 CVE-2005-3059
all versions
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " h
 CVE-2005-3041
< 8.50
Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."
 CVE-2005-3007
< 8.50
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might
 CVE-2005-3006
<= 8.02
The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might al
 CVE-2005-2407
<= 8.01
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new wi
 CVE-2005-2406
all versions
Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a
 CVE-2005-2405
all versions
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in th
 CVE-2005-2309
all versions
Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using
 CVE-2005-2273
>= 7.00 and < 8.01
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows r
 CVE-2005-1669
< 8.01
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or H
 CVE-2005-1475
< 8.01
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthor
 CVE-2005-0457
<= 7.54
Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inse
 CVE-2005-0238
<= 7.54
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domai
 CVE-2005-0235
<= 7.54
The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded dom
 CVE-2005-1139
all versions
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certifi
 CVE-2005-0233
<= 7.54
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof
 CVE-2005-0456
<= 7.54
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be
 CVE-2004-1201
<= 7.54
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using
 CVE-2004-1157
>= 7.0 and <= 7.54
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from
 CVE-2004-2659
all versions
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers
 CVE-2004-2570
< 7.54
Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read a
 CVE-2004-2491
<= 7.53
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, whi
 CVE-2004-2260
< 7.50
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote
 CVE-2004-1810
<= 7.23
The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object wi
 CVE-2004-1491
<= 7.54
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code v
 CVE-2004-1490
<= 7.54
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII
 CVE-2004-1489
<= 7.54
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attacker
 CVE-2004-1615
<= 7.54
Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML
 CVE-2004-0872
all versions
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL
 CVE-2004-0537
<= 7.50
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could all
 CVE-2004-0717
all versions
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that
 CVE-2004-0473
< 7.50
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet UR
 CVE-2003-0593
all versions
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) di
 CVE-2004-2083
>= 7.0 and <= 7.23
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in
 CVE-2003-1561
all versions
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote atta
 CVE-2003-1420
>= 6.0 and < 7.02
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to i
 CVE-2003-1397
all versions
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request co
 CVE-2003-1396
>= 6.0 and <= 7.10
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly ex
 CVE-2003-1388
all versions
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension
 CVE-2003-1387
all versions
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL w
 CVE-2003-0870
all versions
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large numbe
 CVE-2002-2414
all versions
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (
 CVE-2002-2312
all versions
Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) e
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin