Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.
Max CVSS
2.6
EPSS Score
0.19%
Published
2012-06-14
Updated
2012-06-15
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
Max CVSS
2.1
EPSS Score
0.06%
Published
2011-01-31
Updated
2017-09-19
Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site.
Max CVSS
2.6
EPSS Score
0.28%
Published
2010-12-22
Updated
2011-01-22
Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site.
Max CVSS
2.6
EPSS Score
0.37%
Published
2010-12-22
Updated
2011-01-22
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
Max CVSS
2.6
EPSS Score
6.01%
Published
2005-09-21
Updated
2022-02-28
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Max CVSS
2.6
EPSS Score
0.57%
Published
2005-07-13
Updated
2022-02-28
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
Max CVSS
2.6
EPSS Score
1.87%
Published
2004-12-31
Updated
2022-02-28
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
Max CVSS
2.6
EPSS Score
0.82%
Published
2004-02-11
Updated
2022-02-28
Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.
Max CVSS
2.6
EPSS Score
0.42%
Published
2004-10-18
Updated
2022-02-28
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.
Max CVSS
2.6
EPSS Score
0.70%
Published
2004-12-31
Updated
2022-02-28
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
Max CVSS
2.6
EPSS Score
0.23%
Published
2004-12-31
Updated
2022-02-28
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
Max CVSS
2.6
EPSS Score
71.12%
Published
2004-07-07
Updated
2022-02-28
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!