CVE ID: CVE–2020–6159PRODUCT: Opera for AndroidVERSION: Below 61.0.3076.56532PROBLEM TYPE: Cross–site Scripting (CWE–79)DESCRIPTION: URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross–site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack…
CVE ID: CVE–2020–6158PRODUCT: Opera Mini for AndroidVERSION: Below 52.2PROBLEM TYPE: Address bar spoofingDESCRIPTION: Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another…
CVE ID: CVE–2020–6157PRODUCT: Opera Touch for iOSVERSION: Below 2.4.5PROBLEM TYPE: Address bar spoofingDESCRIPTION: Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another…
CVE ID: CVE–2019–19788PRODUCT: Opera for AndroidVERSION: Below 54.0.2669.49432PROBLEM TYPE: Bypass a restriction or similarDESCRIPTION: Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross–origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without…
Severity None Description Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing certificate for automatic updates to browser.js. Opera‘s rootstore was not affected by the…
Low
Low
Low
Low
High
