opera browser · threatengine.sh

CVE-2018-18913

< 57.0.3098.106

Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed

7.8HIGH

CVE-2018-6608

all versions

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such

4.3MEDIUM

CVE-2016-4075

all versions

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the ab

6.1MEDIUM

CVE-2016-6908

all versions

Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for An

6.1MEDIUM

CVE-2016-7153

all versions

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which m

5.3MEDIUM

CVE-2015-4000

all versions

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly conv

3.7LOW

CVE-2014-1870

<= 18.00

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop o

CVE-2014-0815

<= 17.00

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction err

CVE-2013-4705

<= 15.00

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by l

CVE-2013-3211

<= 12.14

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."

CVE-2013-3210

<= 12.14

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensit

CVE-2013-1618

<= 12.12

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation durin

CVE-2013-1639

<= 12.12

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF pro

CVE-2013-1638

<= 12.12

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

CVE-2013-1637

<= 12.12

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.

CVE-2012-6472

<= 12.11

Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive informati

CVE-2012-6471

<= 12.11

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

CVE-2012-6470

<= 12.11

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or ca

CVE-2012-6469

<= 12.10

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in

CVE-2012-6468

<= 12.10

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (m

CVE-2012-6467

<= 12.10

Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it

CVE-2012-6466

<= 12.10

Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potential

CVE-2012-6465

<= 12.10

Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malfor

CVE-2012-6464

<= 12.10

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via

CVE-2012-6463

<= 12.10

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via

CVE-2012-6462

<= 12.10

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attacke

CVE-2012-6461

<= 12.10

The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigge

CVE-2012-6460

<= 11.66

Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading

CVE-2012-4010

<= 11.60

Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerabilit

CVE-2012-4146

<= 12.00

Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrate

CVE-2012-4145

<= 12.00

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unkno

CVE-2012-4144

<= 12.00

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in

CVE-2012-4143

<= 12.00

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers

CVE-2012-4142

<= 12.00

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML docume

CVE-2012-3568

<= 11.65

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as dem

CVE-2012-3567

<= 11.65

Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAM

CVE-2012-3566

<= 11.65

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code

CVE-2012-3565

<= 11.65

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain

CVE-2012-3564

<= 11.65

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=

CVE-2012-3563

<= 11.65

Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains inva

CVE-2012-3562

<= 11.65

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web p

CVE-2012-3561

<= 11.62

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or c

CVE-2012-3560

<= 11.64

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which m

CVE-2012-3559

<= 12.00

Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity

CVE-2012-3558

<= 11.64

Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to

CVE-2012-3557

<= 11.62

Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain l

CVE-2012-3556

<= 11.62

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click acti

CVE-2012-3555

<= 11.62

Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-as

CVE-2012-1251

<= 9.62

Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof

CVE-2012-1931

<= 11.61

Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arb

CVE-2012-1930

<= 11.61

Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain

CVE-2012-1929

<= 11.61

Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that ca

CVE-2012-1928

<= 11.61

Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a diff

CVE-2012-1927

<= 11.61

Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with

CVE-2012-1926

<= 11.61

Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceS

CVE-2012-1925

<= 11.61

Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assist

CVE-2012-1924

<= 11.61

Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small

CVE-2012-1003

<= 11.60

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via

CVE-2011-4690

<= 11.60

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading at

CVE-2011-4687

<= 11.60

Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a

CVE-2011-4686

<= 11.60

Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of ser

CVE-2011-4685

<= 11.60

Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content o

CVE-2011-4684

<= 11.60

Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related

CVE-2011-4683

<= 11.60

Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."

CVE-2011-4682

<= 11.60

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass t

CVE-2011-4681

<= 11.60

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of differ

CVE-2010-5072

all versions

The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the g

CVE-2010-5068

all versions

The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows rem

CVE-2011-3389

all versions

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google

CVE-2011-3388

<= 11.50

Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related t

CVE-2008-7297

all versions

Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to

CVE-2011-2641

all versions

Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT eleme

CVE-2011-2640

<= 11.10

Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty

CVE-2011-2639

<= 11.10

Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service

CVE-2011-2638

<= 11.10

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unkno

CVE-2011-2637

<= 11.10

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unkno

CVE-2011-2636

<= 11.10

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unkno

CVE-2011-2635

<= 11.10

The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (applic

CVE-2011-2634

<= 11.10

Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.

CVE-2011-2633

<= 11.10

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vecto

CVE-2011-2632

<= 11.10

Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial

CVE-2011-2631

<= 11.10

The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which al

CVE-2011-2630

<= 11.10

Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page t

CVE-2011-2629

<= 11.10

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unkno

CVE-2011-2628

<= 11.10

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause

CVE-2011-2627

<= 11.50

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (ap

CVE-2011-2626

<= 11.50

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the

CVE-2011-2625

<= 11.50

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains man

CVE-2011-2624

<= 11.50

Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which

CVE-2011-2623

<= 11.50

Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of servic

CVE-2011-2622

<= 11.50

Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of ser

CVE-2011-2621

<= 11.50

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vecto

CVE-2011-2620

<= 11.50

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vecto

CVE-2011-2619

<= 11.50

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, relate

CVE-2011-2618

<= 11.50

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO

CVE-2011-2617

<= 11.50

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vecto

CVE-2011-2616

<= 11.50

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unkn

CVE-2011-2615

<= 11.50

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknow

CVE-2011-2614

<= 11.50

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors

CVE-2011-2613

<= 11.50

The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via

CVE-2011-2612

<= 11.50

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unkno

CVE-2011-2611

<= 11.50

Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a den

CVE-2011-2610

<= 11.50

Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."

CVE-2011-2609

<= 11.50

Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripti

CVE-2011-1337

<= 11.50

Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation

CVE-2011-1824

<= 10.60

The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribu

CVE-2011-0687

<= 11.00

Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remo

CVE-2011-0686

<= 11.00

Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unkno

CVE-2011-0685

<= 11.00

The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option,

CVE-2011-0684

<= 11.00

Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to

CVE-2011-0683

<= 11.00

Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickj

CVE-2011-0682

<= 11.00

Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of

CVE-2011-0681

<= 11.00

The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in t

CVE-2011-0450

<= 11.00

The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing applicat

CVE-2010-4587

<= 11.00

Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it eas

CVE-2010-4586

<= 11.00

The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack v

CVE-2010-4585

<= 11.00

Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of serv

CVE-2010-4584

<= 11.00

Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https

CVE-2010-4583

<= 11.00

Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote a

CVE-2010-4582

<= 11.00

Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to

CVE-2010-4581

<= 11.00

Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue."

CVE-2010-4580

<= 11.00

Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to

CVE-2010-4579

<= 11.00

Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote at

CVE-2010-4050

<= 10.62

Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an I

CVE-2010-4049

<= 10.62

Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent W

CVE-2010-4048

<= 10.62

Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect

CVE-2010-4047

<= 10.62

Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows us

CVE-2010-4046

<= 10.62

Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive informa

CVE-2010-4045

<= 10.62

Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allow

CVE-2010-4044

<= 10.62

Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which all

CVE-2010-4043

<= 10.62

Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS to

CVE-2010-3021

<= 10.60

Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and applicat

CVE-2010-3020

<= 10.60

The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subsc

CVE-2010-3019

<= 10.60

Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (a

CVE-2010-2576

<= 10.60

Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allo

CVE-2010-2666

<= 10.53

Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and dire

CVE-2010-2665

<= 10.53

Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows

CVE-2010-2664

<= 10.60

Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an un

CVE-2010-2663

<= 10.60

Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes

CVE-2010-2662

<= 10.60

Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."

CVE-2010-2661

<= 10.53

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full path

CVE-2010-2660

<= 10.53

Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homogra

CVE-2010-2659

<= 10.60

Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to

CVE-2010-2658

<= 10.60

Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows u

CVE-2010-2657

< 10.60

Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program locate

CVE-2010-2455

all versions

Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content,

CVE-2010-2421

<= 10.53

Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe

CVE-2010-2121

all versions

Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite

CVE-2010-1993

all versions

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to ca

CVE-2010-1989

all versions

Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL,

CVE-2010-1728

<= 10.52

Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously,

CVE-2010-1349

all versions

Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value,

CVE-2010-1310

all versions

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cache

CVE-2010-0653

all versions

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type an

CVE-2009-4072

<= 10.10

Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."

CVE-2009-4071

<= 10.10

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that ca

CVE-2009-3832

< 10.01

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote

CVE-2009-3831

< 10.01

Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati

CVE-2009-3269

<= 9.52

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submission

CVE-2009-3266

all versions

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-s

CVE-2009-3265

all versions

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1

CVE-2008-7245

<= 9.52

Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print functio

CVE-2009-3049

<= 10.00

Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allo

CVE-2009-3048

<= 10.00

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows re

CVE-2009-3047

<= 10.00

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited sit

CVE-2009-3046

< 10.00

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers

7.5HIGH

CVE-2009-3045

<= 10.00

Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attac

CVE-2009-3044

<= 10.00

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject

CVE-2009-3013

<= 9.52

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, whi

CVE-2009-2577

<= 9.52

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via

CVE-2009-2540

<= 9.64

Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer va

CVE-2009-2351

<= 9.52

Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to cond

CVE-2009-2070

all versions

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in

CVE-2009-2067

<= 9.22

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers t

CVE-2009-2063

<= 9.24

Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-midd

CVE-2009-2059

<= 9.22

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CON

CVE-2009-1599

all versions

Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in a

CVE-2009-1234

all versions

Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series o

CVE-2009-0916

<= 9.63

Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."

CVE-2009-0915

< 9.64

Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.

CVE-2009-0914

<= 9.63

Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.

CVE-2008-5683

<= 9.62

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

CVE-2008-5682

<= 9.62

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via b

CVE-2008-5681

<= 9.62

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existi

CVE-2008-5680

<= 9.62

Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area,

CVE-2008-4725

all versions

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML

CVE-2008-4698

<= 9.60

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary

CVE-2008-4697

<= 9.60

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the

CVE-2008-4694

<= 9.60

Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute

CVE-2008-4292

<= 9.51

Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and a

CVE-2008-4200

<= 9.51

Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote atta

CVE-2008-4199

<= 9.51

Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote at

CVE-2008-4198

<= 9.51

Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a se

CVE-2008-4197

< 9.52

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument

8.8HIGH

CVE-2008-4196

<= 9.51

Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via u

CVE-2008-4195

<= 9.51

Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different fr

CVE-2008-3078

<= 9.50

Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to

CVE-2008-2716

< 9.5

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent p

CVE-2008-2715

<= 9.50

Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that us

CVE-2008-2714

<= 9.25

Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page addre

CVE-2008-1762

<= 9.26

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted s

CVE-2008-1082

<= 9.25

Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via craf

CVE-2008-1081

<= 9.25

Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which

CVE-2008-1080

<= 9.25

Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of t

CVE-2007-6524

<= 9.24

Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demo

CVE-2007-6523

all versions

Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (

CVE-2007-6522

<= 9.24

The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by usin

CVE-2007-6521

<= 9.24

Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.

CVE-2007-6520

<= 9.24

Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.

CVE-2007-5541

<= 9.23

Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to ex

CVE-2007-5540

<= 9.23

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypa

CVE-2007-5476

<= 9.23

Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "

CVE-2007-5276

all versions

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct

CVE-2007-4944

all versions

The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it t

CVE-2007-4367

< 9.23

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call

CVE-2007-3929

< 9.22

Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbit

CVE-2007-3819

all versions

Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which

CVE-2007-3142

all versions

Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attac

CVE-2007-2809

< 9.21

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrar

CVE-2007-2274

all versions

The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application c

CVE-2007-2022

all versions

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to o

CVE-2007-1737

all versions

Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows re

CVE-2007-1563

all versions

The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to o

CVE-2007-1377

all versions

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial

CVE-2007-1115

all versions

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an H

CVE-2007-0802

all versions

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the en

CVE-2006-6970

all versions

Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a dom

CVE-2006-6955

all versions

Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nest

CVE-2007-0127

<= 9.02

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request,

CVE-2007-0126

all versions

Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number

CVE-2006-4819

all versions

Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long l

CVE-2006-3945

all versions

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the bac

CVE-2006-3353

< 9.01

Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory

CVE-2006-3331

< 9.0

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows

CVE-2006-3199

all versions

Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a l

CVE-2006-3198

<= 8.5.4

Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height an

CVE-2006-1834

<= 8.53

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet at

CVE-2005-4718

<= 8.02

Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "con

CVE-2005-4210

< 8.51

Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of

CVE-2005-3946

all versions

Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the remo

CVE-2005-3750

< 8.51

Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks)

CVE-2005-3699

all versions

Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image

CVE-2005-3059

all versions

Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " h

CVE-2005-3041

< 8.50

Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."

CVE-2005-3007

< 8.50

Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might

CVE-2005-3006

<= 8.02

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might al

CVE-2005-2407

<= 8.01

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new wi

CVE-2005-2406

all versions

Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a

CVE-2005-2405

all versions

Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in th

CVE-2005-2309

all versions

Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using

CVE-2005-2273

>= 7.00 and < 8.01

Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows r

CVE-2005-1669

< 8.01

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or H

CVE-2005-1475

< 8.01

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthor

CVE-2005-0457

<= 7.54

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inse

CVE-2005-0238

<= 7.54

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domai

CVE-2005-0235

<= 7.54

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded dom

CVE-2005-1139

all versions

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certifi

CVE-2005-0233

<= 7.54

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof

CVE-2005-0456

<= 7.54

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be

CVE-2004-1201

<= 7.54

Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using

CVE-2004-1157

>= 7.0 and <= 7.54

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from

CVE-2004-2659

all versions

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers

CVE-2004-2570

< 7.54

Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read a

CVE-2004-2491

<= 7.53

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, whi

CVE-2004-2260

< 7.50

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote

CVE-2004-1810

<= 7.23

The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object wi

CVE-2004-1491

<= 7.54

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code v

CVE-2004-1490

<= 7.54

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII

CVE-2004-1489

<= 7.54

Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attacker

CVE-2004-1615

<= 7.54

Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML

CVE-2004-0872

all versions

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL

CVE-2004-0537

<= 7.50

Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could all

CVE-2004-0717

all versions

Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that

CVE-2004-0473

< 7.50

Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet UR

CVE-2003-0593

all versions

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) di

CVE-2004-2083

>= 7.0 and <= 7.23

Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in

CVE-2003-1420

>= 6.0 and < 7.02

Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to i

CVE-2003-1397

all versions

The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request co

CVE-2003-1396

>= 6.0 and <= 7.10

Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly ex

CVE-2003-1388

all versions

Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension

CVE-2003-1387

all versions

Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL w

CVE-2003-0870

all versions

Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large numbe