Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.
Max CVSS
4.3
EPSS Score
0.08%
Published
2020-11-13
Updated
2020-11-30
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.
Max CVSS
4.3
EPSS Score
0.11%
Published
2020-03-12
Updated
2020-08-24
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
Max CVSS
4.3
EPSS Score
0.17%
Published
2018-03-28
Updated
2018-04-23

CVE-2015-4000

Public exploit
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Max CVSS
4.3
EPSS Score
97.46%
Published
2015-05-21
Updated
2023-02-09
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.
Max CVSS
4.3
EPSS Score
0.11%
Published
2014-02-06
Updated
2014-02-07
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.
Max CVSS
4.3
EPSS Score
0.21%
Published
2014-02-06
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.
Max CVSS
4.3
EPSS Score
0.14%
Published
2013-09-13
Updated
2013-09-13
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Max CVSS
4.0
EPSS Score
0.32%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2013-01-02
Updated
2013-01-02
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-01-02
Updated
2015-09-29
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-01-02
Updated
2013-01-02
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-01-02
Updated
2013-01-02
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
Max CVSS
4.3
EPSS Score
0.06%
Published
2012-12-26
Updated
2013-01-08
Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-08-06
Updated
2012-08-07
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-08-06
Updated
2012-08-07
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
Max CVSS
4.3
EPSS Score
0.23%
Published
2012-08-06
Updated
2012-08-07
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission.
Max CVSS
4.3
EPSS Score
0.20%
Published
2012-06-14
Updated
2017-08-29
Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.
Max CVSS
4.3
EPSS Score
0.20%
Published
2012-06-14
Updated
2017-08-29
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
Max CVSS
4.3
EPSS Score
0.25%
Published
2012-06-14
Updated
2012-06-15
Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing.
Max CVSS
4.6
EPSS Score
0.04%
Published
2012-03-28
Updated
2018-01-05
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2012-03-28
Updated
2018-01-05

CVE-2011-3389

Public exploit
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Max CVSS
4.3
EPSS Score
0.85%
Published
2011-09-06
Updated
2022-11-29
Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site.
Max CVSS
4.3
EPSS Score
0.79%
Published
2011-09-06
Updated
2017-08-29
Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.
Max CVSS
4.3
EPSS Score
0.22%
Published
2011-07-01
Updated
2011-07-08
Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.
Max CVSS
4.3
EPSS Score
0.23%
Published
2011-07-01
Updated
2011-07-08
79 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!