Summary
| Detail | |||
|---|---|---|---|
| Vendor | Opera | First view | 2008-04-12 |
| Product | Opera | Last view | 2020-12-23 |
| Version | 9.26 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:opera:opera | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2020-12-23 | CVE-2020-6159 | URLs using “javascript:†have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532. |
| 5.5 | 2019-12-18 | CVE-2019-19788 | Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context. |
| 6.9 | 2012-09-07 | CVE-2010-5227 | Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information. |
| 9.3 | 2008-12-19 | CVE-2008-5679 | The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. |
| 4.3 | 2008-10-30 | CVE-2008-4795 | The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks. |
| 9.3 | 2008-10-30 | CVE-2008-4794 | Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696. |
| 4.3 | 2008-10-23 | CVE-2008-4696 | Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat). |
| 9.3 | 2008-10-23 | CVE-2008-4695 | Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context. |
| 10 | 2008-09-27 | CVE-2008-4293 | Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications. |
| 10 | 2008-07-08 | CVE-2008-3079 | Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors. |
| 9.3 | 2008-04-12 | CVE-2008-1764 | Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." |
| 9.3 | 2008-04-12 | CVE-2008-1761 | Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 42% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 28% (2) | CWE-399 | Resource Management Errors |
| 14% (1) | CWE-200 | Information Exposure |
| 14% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 50954 | Opera HTML Parsing Engine Crafted Web Page Arbitrary Code Execution |
| 49739 | Opera Opera.dll History Search Database anchor Identifier XSS |
| 49473 | Opera Links Panel Outermost Page Frame Handling XSS |
| 49472 | Opera History Search Results Page Arbitrary Remote Command Execution |
| 49094 | Opera Java Applet Cache Path Prediction Information Disclosure |
| 47693 | Opera Startup Crash Unspecified Arbitrary Code Execution |
| 46696 | Opera for Windows Unspecified Arbitrary Code Execution |
| 44720 | Opera Password Input Unspecified Security Issue |
| 44030 | Opera Newsfeed Addition Prompt DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-03-20 | Name : Gentoo Security Advisory GLSA 200903-30 (opera) File : nvt/glsa_200903_30.nasl |
| 2008-12-26 | Name : Opera Web Browser Multiple Vulnerabilities - Dec08 (Linux) File : nvt/secpod_opera_mult_vuln_dec08_lin.nasl |
| 2008-12-26 | Name : Opera Web Browser Multiple Vulnerabilities - Dec08 (Win) File : nvt/secpod_opera_mult_vuln_dec08_win.nasl |
| 2008-11-19 | Name : FreeBSD Ports: opera, linux-opera File : nvt/freebsd_opera14.nasl |
| 2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-01 (opera) File : nvt/glsa_200811_01.nasl |
| 2008-11-01 | Name : FreeBSD Ports: opera, linux-opera File : nvt/freebsd_opera13.nasl |
| 2008-10-31 | Name : Opera Web Browser Command Execution and XSS Vulnerabilities (Linux) File : nvt/gb_opera_cmd_exec_n_xss_vuln_lin.nasl |
| 2008-10-31 | Name : Opera Web Browser Command Execution and XSS Vulnerabilities (Win) File : nvt/gb_opera_cmd_exec_n_xss_vuln_win.nasl |
| 2008-10-30 | Name : Opera Remote Code Execution and Information Disclosure Vulnerabilities (Linux) File : nvt/gb_opera_info_disc_n_code_exec_lin.nasl |
| 2008-10-30 | Name : Opera Remote Code Execution and Information Disclosure Vulnerabilities (Win) File : nvt/gb_opera_info_disc_n_code_exec_win.nasl |
| 2008-10-30 | Name : Opera Web Browser Multiple XSS Vulnerability (Linux) File : nvt/gb_opera_mult_vuln_oct08_lin.nasl |
| 2008-10-30 | Name : Opera Web Browser Multiple XSS Vulnerability (Win) File : nvt/gb_opera_mult_vuln_oct08_win.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-14 (opera) File : nvt/glsa_200804_14.nasl |
| 2008-09-04 | Name : FreeBSD Ports: opera File : nvt/freebsd_opera10.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Opera Web Browser History Search Input validation vulnerability RuleID : 21399 - Type : BROWSER-OTHER - Revision : 4 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-09-10 | Name: The remote host contains a web browser that allows arbitrary code execution. File: opera_1062.nasl - Type: ACT_GATHER_INFO |
| 2009-03-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200903-30.nasl - Type: ACT_GATHER_INFO |
| 2008-11-04 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_0e30e802a9db11dd93a2000bcdf0a03b.nasl - Type: ACT_GATHER_INFO |
| 2008-11-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200811-01.nasl - Type: ACT_GATHER_INFO |
| 2008-10-31 | Name: The remote host contains a web browser that is affected by several issues. File: opera_962.nasl - Type: ACT_GATHER_INFO |
| 2008-10-21 | Name: The remote host contains a web browser that is affected by several issues. File: opera_961.nasl - Type: ACT_GATHER_INFO |
| 2008-10-10 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_fb84d5dd952811dd9a00001999392805.nasl - Type: ACT_GATHER_INFO |
| 2008-10-08 | Name: The remote host contains a web browser that is affected by several issues. File: opera_960.nasl - Type: ACT_GATHER_INFO |
| 2008-08-20 | Name: The remote host contains a web browser that is affected by several issues. File: opera_952.nasl - Type: ACT_GATHER_INFO |
| 2008-07-04 | Name: The remote host contains a web browser that is affected by several issues. File: opera_951.nasl - Type: ACT_GATHER_INFO |
| 2008-04-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200804-14.nasl - Type: ACT_GATHER_INFO |
| 2008-04-11 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ad4a00fa015711dd8bd3001372ae3ab9.nasl - Type: ACT_GATHER_INFO |
| 2008-04-03 | Name: The remote host contains a web browser that is affected by several issues. File: opera_927.nasl - Type: ACT_GATHER_INFO |
