Opera : Security Vulnerabilities, CVEs, Published In 2010 (Code Execution)
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
Max CVSS
10.0
EPSS Score
92.31%
Published
2010-04-12
Updated
2017-08-17
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
Max CVSS
9.3
EPSS Score
17.02%
Published
2010-05-06
Updated
2018-10-30
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
Max CVSS
6.8
EPSS Score
11.48%
Published
2010-08-16
Updated
2018-10-10
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
Max CVSS
9.3
EPSS Score
2.29%
Published
2010-07-08
Updated
2021-09-08
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
Max CVSS
9.3
EPSS Score
9.96%
Published
2010-07-08
Updated
2018-10-30
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
Max CVSS
9.3
EPSS Score
8.22%
Published
2010-08-16
Updated
2017-09-19
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
Max CVSS
9.3
EPSS Score
2.42%
Published
2010-10-21
Updated
2017-09-19
7 vulnerabilities found