Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opera_browser
(Opera)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 282 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-09-06 | CVE-2016-7153 | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | Safari, Chrome, Edge, Internet_explorer, Firefox, Opera_browser | 5.3 | ||
| 2017-01-26 | CVE-2016-6908 | Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as "/", "?" in filepath causes the URL to be flipped and displayed from Right To Left.... | Opera_browser | 6.1 | ||
| 2014-02-06 | CVE-2014-1870 | Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | Opera_browser | N/A | ||
| 2014-02-06 | CVE-2014-0815 | The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies. | Opera_browser | N/A | ||
| 2013-09-13 | CVE-2013-4705 | Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. | Opera_browser | N/A | ||
| 2013-04-19 | CVE-2013-3211 | Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue." | Opera_browser | N/A | ||
| 2013-04-19 | CVE-2013-3210 | Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. | Opera_browser | N/A | ||
| 2013-02-08 | CVE-2013-1639 | Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. | Opera_browser | N/A | ||
| 2013-02-08 | CVE-2013-1638 | Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. | Opera_browser | N/A | ||
| 2013-02-08 | CVE-2013-1637 | Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. | Opera_browser | N/A |