CVE ID: CVE-2020-6159PRODUCT: Opera for AndroidVERSION: Below 61.0.3076.56532PROBLEM TYPE: Cross-site Scripting (CWE-79)DESCRIPTION: URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack…
CVE ID: CVE-2020-6158PRODUCT: Opera Mini for AndroidVERSION: Below 52.2PROBLEM TYPE: Address bar spoofingDESCRIPTION: Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another…
CVE ID: CVE-2020-6157PRODUCT: Opera Touch for iOSVERSION: Below 2.4.5PROBLEM TYPE: Address bar spoofingDESCRIPTION: Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another…
CVE ID: CVE-2019-19788PRODUCT: Opera for AndroidVERSION: Below 54.0.2669.49432PROBLEM TYPE: Bypass a restriction or similarDESCRIPTION: Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without…
Severity None Description Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing certificate for automatic updates to browser.js. Opera’s rootstore was not affected by the…
Severity Low Description Browsers should only allow cookies to be set for the website that created them. In some specific cases, Opera does not apply this restriction correctly, and allows a website to set a cookie for its entire top-level domain (such as .com or .co.uk). A malicious site could then redirect the user to…
Severity Low Description Weaknesses in the RC4 encryption protocol have been found, allowing an attacker to deduce the plaintext. If the same message is encrypted many millions of times, statistical methods can be used to extract valuable information, such as cookies. Due to the time this amount of requests takes, this is not a practical…
Severity Low Description Cross-Origin Resource Sharing (CORS) requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as…
Severity Low Advisory When Opera receives incorrectly encrypted network data, Opera will detect this, and let the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network, can by replacing network data measure Opera’s response speed, and deduce the content.…
Severity High Advisory When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur. Opera’s response Opera Software…
