Filtered by vendor Opera
Subscriptions
Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-5274 | 4 Mozilla, Opera, Redhat and 1 more | 6 Firefox, Opera Browser, Rhel Extras and 3 more | 2024-11-21 | N/A |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | ||||
CVE-2007-4944 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | ||||
CVE-2007-4367 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." | ||||
CVE-2007-3929 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | ||||
CVE-2007-3819 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | ||||
CVE-2007-3142 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
CVE-2007-2809 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. | ||||
CVE-2007-2274 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. | ||||
CVE-2007-2022 | 3 Adobe, Opera, Redhat | 3 Flash Player, Opera Browser, Enterprise Linux | 2024-11-21 | N/A |
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | ||||
CVE-2007-1737 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | ||||
CVE-2007-1563 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | ||||
CVE-2007-1377 | 4 Adobe, Mozilla, Netscape and 1 more | 4 Acrobat Reader, Firefox, Navigator and 1 more | 2024-11-21 | N/A |
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | ||||
CVE-2007-1115 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | ||||
CVE-2007-0802 | 2 Mozilla, Opera | 2 Firefox, Opera Browser | 2024-11-21 | N/A |
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | ||||
CVE-2007-0127 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. | ||||
CVE-2007-0126 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. | ||||
CVE-2006-6970 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | ||||
CVE-2006-6955 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | ||||
CVE-2006-4819 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). | ||||
CVE-2006-3945 | 2 Microsoft, Opera | 2 Windows Xp, Opera Browser | 2024-11-21 | N/A |
The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption. |