Category Archives: advisory

Cross-site Scripting in OfA – Opera Security Advisories

CVE ID: CVE20206159PRODUCT: Opera for AndroidVERSION: Below 61.0.3076.56532PROBLEM TYPE: Crosssite Scripting (CWE79)DESCRIPTION: URLs usingjavascript:” have the protocol removed when pasted into the address bar to protect users from crosssite scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack…

Address bar spoofing in Opera Mini for Android – Opera Security Advisories

CVE ID: CVE20206158PRODUCT: Opera Mini for AndroidVERSION: Below 52.2PROBLEM TYPE: Address bar spoofingDESCRIPTION: Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another…

Address bar spoofing in Opera Touch for iOS – Opera Security Advisories

CVE ID: CVE20206157PRODUCT: Opera Touch for iOSVERSION: Below 2.4.5PROBLEM TYPE: Address bar spoofingDESCRIPTION: Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another…

Bypass a restriction in OfA 54 – Opera Security Advisories

CVE ID: CVE201919788PRODUCT: Opera for AndroidVERSION: Below 54.0.2669.49432PROBLEM TYPE: Bypass a restriction or similarDESCRIPTION: Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed crossorigin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without…

Replaced code signing certificate – Opera Security Advisories

Severity None Description Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing certificate for automatic updates to browser.js. Operas rootstore was not affected by the…