VuXML ID | Description |
e666498a-852a-11e0-8f78-080027ef73ec | Opera -- code injection vulnerability through broken frameset handling
Opera Software ASA reports:
Fixed an issue with framesets that could allow execution of
arbitrary code, as reported by an anonymous contributor working
with the SecuriTeam Secure Disclosure program.
Discovery 2011-05-18 Entry 2011-05-23 opera
< 11.11
opera-devel
< 11.11
linux-opera
< 11.11
http://www.opera.com/docs/changelogs/unix/1111/
http://www.opera.com/support/kb/view/992/
|
78ad2525-9d0c-11db-a5f6-000c6ec775d9 | opera -- multiple vulnerabilities
iDefense reports:
The vulnerability specifically exists due to Opera
improperly processing a JPEG DHT marker. The DHT marker is
used to define a Huffman Table which is used for decoding
the image data. An invalid number of index bytes in the
DHT marker will trigger a heap overflow with partially
user controlled data.
Exploitation of this vulnerability would allow an
attacker to execute arbitrary code on the affected
host. The attacker would first need to construct a website
containing the malicious image and trick the vulnerable
user into visiting the site. This would trigger the
vulnerability and allow the code to execute with the
privileges of the local user.
A flaw exists within Opera's Javascript SVG
implementation. When processing a
createSVGTransformFromMatrix request Opera does not
properly validate the type of object passed to the
function. Passing an incorrect object to this function can
result in it using a pointer that is user controlled when
it attempts to make the virtual function call.
Exploitation of this vulnerability would allow an
attacker to execute arbitrary code on the affected
host. The attacker would first need to construct a website
containing the malicious JavaScript and trick the
vulnerable user into visiting the site. This would trigger
the vulnerability and allow the code to execute with the
privileges of the local user.
Discovery 2007-01-05 Entry 2007-01-05 Modified 2010-05-12 opera
opera-devel
linux-opera
< 9.10
CVE-2007-0126
CVE-2007-0127
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852
|
2eda0c54-34ab-11e0-8103-00215c6a37bb | opera -- multiple vulnerabilities
Opera reports:
Opera 11.01 is a recommended upgrade offering security and
stability enhancements.
The following security vulnerabilities have been fixed:
- Removed support for "
javascript: " URLs in
CSS -o-link values, to make it easier for sites to filter
untrusted CSS.
- Fixed an issue where large form inputs could allow
execution of arbitrary code, as reported by Jordi Chancel;
see our advisory.
- Fixed an issue which made it possible to carry out
clickjacking attacks against internal opera: URLs;
see our advisory.
- Fixed issues which allowed web pages to gain limited
access to files on the user's computer; see our
advisory.
- Fixed an issue where email passwords were not immediately
deleted when deleting private data; see our
advisory.
Discovery 2011-01-26 Entry 2011-02-10 opera
opera-devel
linux-opera
< 11.01
CVE-2011-0450
CVE-2011-0681
CVE-2011-0682
CVE-2011-0683
CVE-2011-0684
CVE-2011-0685
CVE-2011-0686
CVE-2011-0687
http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://secunia.com/advisories/43023
|
1fe734bf-4a06-11db-b48d-00508d6a62df | opera -- RSA Signature Forgery
Opera reports:
A specially crafted digital certificate can bypass Opera's
certificate signature verification. Forged certificates can
contain any false information the forger chooses, and Opera
will still present it as valid. Opera will not present any
warning dialogs in this case, and the security status will
be the highest possible (3). This defeats the protection
against "man in the middle", the attacks that SSL was
designed to prevent.
There is a flaw in OpenSSL's RSA signature verification
that affects digital certificates using 3 as the public
exponent. Some of the certificate issuers that are on
Opera's list of trusted signers have root certificates with
3 as the public exponent. The forged certificate can appear
to be signed by one of these.
Discovery 2006-09-18 Entry 2006-09-22 opera
opera-devel
linux-opera
< 9.02
CVE-2006-4339
http://secunia.com/advisories/21982/
http://secunia.com/advisories/21709/
http://www.cdc.informatik.tu-darmstadt.de/securebrowser/
http://www.openssl.org/news/secadv_20060905.txt
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
|
0925716f-34e2-11e2-aa75-003067c2616f | opera -- execution of arbitrary code
Opera reports:
When requesting pages using HTTP, Opera temporarily stores the
response in a buffer. In some cases, Opera may incorrectly allocate
too little space for a buffer, and may then store too much of the
response in that buffer. This causes a buffer overflow, which in
turn can lead to a memory corruption and crash. It is possible to
use this crash to execute the overflowing data as code, which may
be controlled by an attacking site.
Discovery 2012-11-19 Entry 2012-11-22 Modified 2014-04-30 opera
< 12.11
opera-devel
< 12.11
linux-opera
< 12.11
linux-opera-devel
< 12.11
http://www.opera.com/support/kb/view/1036/
|
38daea4f-2851-11e2-9483-14dae938ec40 | opera -- multiple vulnerabilities
Opera reports:
CORS (Cross-Origin Resource Sharing) allows web pages to retrieve
the contents of pages from other sites, with their permission,
as they would appear for the current user.
When requests are made in this way, the browser should only allow
the page content to be retrieved if the target site sends the
correct headers that give permission for their contents to be
used in this way. Specially crafted requests may trick Opera
into thinking that the target site has given permission when it
had not done so. This can result in the contents of any target page
being revealed to untrusted sites, including any
sensitive information or session IDs contained within the
source of those pages.
Also reported are vulnerabilities involving SVG graphics and XSS.
Discovery 2012-11-06 Entry 2012-11-06 Modified 2014-04-30 opera
< 12.10
opera-devel
< 12.10
linux-opera
< 12.10
linux-opera-devel
< 12.10
http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
|
4867ae85-608d-11db-8faf-000c6ec775d9 | opera -- URL parsing heap overflow vulnerability
iDefense Labs reports:
Remote exploitation of a heap overflow vulnerability
within version 9 of Opera Software's Opera Web browser
could allow an attacker to execute arbitrary code on the
affected host.
A flaw exists within Opera when parsing a tag that
contains a URL. A heap buffer with a constant size of 256
bytes is allocated to store the URL, and the tag's URL is
copied into this buffer without sufficient bounds checking
of its length.
Discovery 2006-10-17 Entry 2006-10-20 opera
opera-devel
linux-opera
gt 9.* lt 9.02
CVE-2006-4819
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424
http://secunia.com/advisories/22218/
http://www.opera.com/support/search/supsearch.dml?index=848
|
df4a7d21-4b17-11dc-9fc2-001372ae3ab9 | opera -- Vulnerability in javascript handling
An advisory from Opera reports:
A specially crafted JavaScript can make Opera execute
arbitrary code.
Discovery 2007-08-03 Entry 2007-08-15 Modified 2007-08-25 opera
opera-devel
linux-opera
< 9.23.20070809
http://www.opera.com/support/search/view/865/
|
12d266b6-363f-11dc-b6c9-000c6ec775d9 | opera -- multiple vulnerabilities
Opera Software ASA reports of multiple security fixes in
Opera, including an arbitrary code execute
vulnerability:
Opera for Linux, FreeBSD, and Solaris has a flaw in the
createPattern function that leaves old data that was in
the memory before Opera allocated it in the new
pattern. The pattern can be read and analyzed by
JavaScript, so an attacker can get random samples of the
user's memory, which may contain data.
Removing a specially crafted torrent from the download
manager can crash Opera. The crash is caused by an
erroneous memory access.
An attacker needs to entice the user to accept the
malicious BitTorrent download, and later remove it from
Opera's download manager. To inject code, additional means
will have to be employed.
Users clicking a BitTorrent link and rejecting the
download are not affected.
data: URLs embed data inside them, instead of linking to
an external resource. Opera can mistakenly display the end
of a data URL instead of the beginning. This allows an
attacker to spoof the URL of a trusted site.
Opera's HTTP authentication dialog is displayed when the
user enters a Web page that requires a login name and a
password. To inform the user which server it was that
asked for login credentials, the dialog displays the
server name.
The user has to see the entire server name. A truncated
name can be misleading. Opera's authentication dialog cuts
off the long server names at the right hand side, adding
an ellipsis (...) to indicate that it has been cut off.
The dialog has a predictable size, allowing an attacker
to create a server name which will look almost like a
trusted site, because the real domain name has been cut
off. The three dots at the end will not be obvious to all
users.
This flaw can be exploited by phishers who can set up
custom sub-domains, for example by hosting their own
public DNS.
Discovery 2007-07-19 Entry 2007-07-19 Modified 2010-05-12 opera
opera-devel
linux-opera
< 9.22
CVE-2007-3929
CVE-2007-4944
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564
http://www.opera.com/support/search/view/861/
http://www.opera.com/support/search/view/862/
http://www.opera.com/support/search/view/863/
http://www.opera.com/support/search/view/864/
http://www.opera.com/docs/changelogs/freebsd/922/
|
85f33a8d-492f-11e2-aa75-003067c2616f | opera -- execution of arbitrary code
Opera reports:
When loading GIF images into memory, Opera should allocate the
correct amount of memory to store that image. Specially crafted
image files can cause Opera to allocate the wrong amount of memory.
Subsequent data may then overwrite unrelated memory with
attacker-controlled data. This can lead to a crash, which may also
execute that data as code.
Discovery 2012-12-18 Entry 2012-12-18 Modified 2014-04-30 opera
< 12.12
opera-devel
< 12.12
linux-opera
< 12.12
linux-opera-devel
< 12.12
http://www.opera.com/support/kb/view/1038/
http://www.opera.com/support/kb/view/1039/
|
a4a809d8-25c8-11e1-b531-00215c6a37bb | opera -- multiple vulnerabilities
Opera software reports:
- Fixed a moderately severe issue; details will be
disclosed at a later date
- Fixed an issue that could allow pages to set cookies
or communicate cross-site for some top level domains;
see our advisory
- Improved handling of certificate revocation corner
cases
- Added a fix for a weakness in the SSL v3.0 and TLS 1.0
specifications, as reported by Thai Duong and Juliano Rizzo;
see our advisory
- Fixed an issue where the JavaScript "in" operator
allowed leakage of cross-domain information, as reported
by David Bloom; see our advisory
Discovery 2011-12-06 Entry 2011-12-13 opera
linux-opera
< 11.60
opera-devel
< 11.60,1
CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
|
4582948a-9716-11de-83a5-001999392805 | opera -- multiple vulnerabilities
Opera Team Reports:
- Issue where sites using revoked intermediate certificates might be shown as secure
- Issue where the collapsed address bar didn't show the current domain
- Issue where pages could trick users into uploading files
- Some IDNA characters not correctly displaying in the address bar
- Issue where Opera accepts nulls and invalid wild-cards in certificates
Discovery 2009-09-01 Entry 2009-09-04 Modified 2009-10-29 opera
< 10.00.20090830
opera-devel
le 10.00.b3_1,1
linux-opera
< 10.00
http://www.opera.com/support/search/view/929/
http://www.opera.com/support/search/view/930/
http://www.opera.com/support/search/view/931/
http://www.opera.com/support/search/view/932/
http://www.opera.com/support/search/view/934/
|
ea0f45e2-6c4b-11e2-98d9-003067c2616f | opera -- execution of arbitrary code
Opera reports:
Particular DOM event manipulations can cause Opera to crash. In
some cases, this crash might occur in a way that allows execution
of arbitrary code. To inject code, additional techniques would
have to be employed.
Discovery 2013-01-30 Entry 2013-02-01 opera
opera-devel
linux-opera
linux-opera-devel
< 12.13
http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
|
30c560ff-e0df-11dc-891a-02061b08fc24 | opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security
fixes:
- Fixed an issue where simulated text inputs could trick
users into uploading arbitrary files, as reported by
Mozilla.
- Image properties can no longer be used to execute
scripts, as reported by Max Leonov.
- Fixed an issue where the representation of DOM
attribute values could allow cross site scripting, as
reported by Arnaud.lb.
Discovery 2008-02-20 Entry 2008-02-22 Modified 2010-05-12 opera
opera-devel
linux-opera
< 9.26
CVE-2008-1080
CVE-2008-1081
http://www.opera.com/docs/changelogs/freebsd/926/
http://www.opera.com/support/search/view/877/
http://www.opera.com/support/search/view/879/
http://www.opera.com/support/search/view/880/
|
44224e08-8306-11dc-9283-0016179b2dd5 | opera -- multiple vulnerabilities
An advisory from Opera reports:
If a user has configured Opera to use an external newsgroup
client or e-mail application, specially crafted Web pages can
cause Opera to run that application incorrectly. In some cases
this can lead to execution of arbitrary code.
When accesing frames from different Web sites, specially crafted
scripts can bypass the same-origin policy, and overwrite functions
from those frames. If scripts on the page then run those functions,
this can cause the script of the attacker's choice to run in the
context of the target Web site.
Discovery 2007-10-17 Entry 2007-10-25 opera
opera-devel
linux-opera
< 9.24
CVE-2007-5540
CVE-2007-5541
http://www.opera.com/support/search/view/866/
http://www.opera.com/support/search/view/867/
http://secunia.com/advisories/27277/
|
77b9f9bc-7fdf-11df-8a8d-0008743bf21a | opera -- Data URIs can be used to allow cross-site scripting
The Opera Desktop Team reports:
Data URIs are allowed to run scripts that manipulate
pages from the site that directly opened them. In some cases, the opening site
is not correctly detected. In these cases, Data URIs may erroneously be able to
run scripts so that they interact with sites that did not directly cause them to
be opened.
Discovery 2010-06-21 Entry 2010-06-25 opera
< 10.11
opera-devel
le 10.20_2,1
http://www.opera.com/support/kb/view/955/
|
31b045e7-ae75-11dc-a5f9-001a4d49522b | opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security
fixes:
- Fixed an issue where plug-ins could be used to allow
cross domain scripting, as reported by David
Bloom. Details will be disclosed at a later date.
- Fixed an issue with TLS certificates that could be
used to execute arbitrary code, as reported by Alexander
Klink (Cynops GmbH). Details will be disclosed at a
later date.
- Rich text editing can no longer be used to allow cross
domain scripting, as reported by David Bloom. See our
advisory.
- Prevented bitmaps from revealing random data from
memory, as reported by Gynvael Coldwind. Details will be
disclosed at a later date.
Discovery 2007-12-19 Entry 2007-12-19 Modified 2007-12-29 opera
opera-devel
linux-opera
< 9.25
CVE-2007-6520
CVE-2007-6521
CVE-2007-6522
CVE-2007-6524
http://www.opera.com/docs/changelogs/freebsd/925/
http://www.opera.com/support/search/view/875/
|
cebed39d-9e6f-11e2-b3f5-003067c2616f | opera -- moderately severe issue
Opera reports:
Fixed a moderately severe issue, as reported by Attila Suszte.
Discovery 2013-04-04 Entry 2014-04-30 opera
< 12.15
opera-devel
< 12.15
linux-opera
< 12.15
linux-opera-devel
< 12.15
http://www.opera.com/docs/changelogs/unified/1215/
http://www.opera.com/support/kb/view/1046/
http://www.opera.com/support/kb/view/1047/
|