Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opera_browser
(Opera)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 282 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-06-15 | CVE-2009-2059 | Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | Opera_browser | N/A | ||
| 2009-05-11 | CVE-2009-1599 | Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is... | Opera_browser | N/A | ||
| 2009-04-02 | CVE-2009-1234 | Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. | Opera_browser | N/A | ||
| 2009-03-16 | CVE-2009-0916 | Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue." | Opera_browser | N/A | ||
| 2009-03-16 | CVE-2009-0914 | Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. | Opera_browser | N/A | ||
| 2011-08-09 | CVE-2008-7297 | Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | Opera_browser | N/A | ||
| 2009-09-18 | CVE-2008-7245 | Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | Opera_browser | N/A | ||
| 2008-12-19 | CVE-2008-5683 | Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. | Opera_browser | N/A | ||
| 2008-12-19 | CVE-2008-5682 | Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. | Opera_browser | N/A | ||
| 2008-12-19 | CVE-2008-5681 | Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. | Opera_browser | N/A |