This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Opera Software
First view: 2004-12-31
Product: Opera Web Browser
Last view: 2007-07-20
Version: 7.53_build_3850
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:opera_software:opera_web_browser

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2007-07-20 CVE-2007-3929

Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

9.3 2007-05-22 CVE-2007-2809

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.

5 2006-06-30 CVE-2006-3331

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.

10 2005-09-26 CVE-2005-3059

Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) "handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding."

2.6 2004-12-31 CVE-2004-2491

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

Open Source Vulnerability Database (OSVDB)

id Description
38123 Opera BitTorrent File Header Parsing Use-after-free Arbitrary Code Execution
36229 Opera Transfer Manager Torrent File Handling Overflow
26960 Opera SSL Security Bar Trusted Certificate Spoofing
19740 Opera Cookie Comment Encoding Unspecified Issue
19739 Opera HTTPS must-revalidate Cache Directive Unspecified Issue
8317 Opera Multiple Function Address Bar Spoofing

OpenVAS Exploits

id Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200708-17 (opera)
File : nvt/glsa_200708_17.nasl
2008-09-04 Name : FreeBSD Ports: opera, opera-devel, linux-opera
File : nvt/freebsd_opera7.nasl

Nessus® Vulnerability Scanner

id Description
2007-09-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200708-17.nasl - Type: ACT_GATHER_INFO
2007-07-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_12d266b6363f11dcb6c9000c6ec775d9.nasl - Type: ACT_GATHER_INFO
2007-07-23 Name: The remote host contains a web browser that is affected by multiple issues.
File: opera_922.nasl - Type: ACT_GATHER_INFO
2007-05-21 Name: The remote host contains a web browser that is prone to a buffer overflow att...
File: opera_921.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2006_038.nasl - Type: ACT_GATHER_INFO
2006-06-30 Name: The remote host contains a web browser that is affected by multiple issues.
File: opera_900.nasl - Type: ACT_GATHER_INFO
2004-08-09 Name: The remote host has application that may allow arbitrary code execution on th...
File: opera_URI_obfuscation.nasl - Type: ACT_GATHER_INFO