Severity High Description When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they…
Severity Moderate Description The browser’s user interface contains several pieces of security information. To preserve this information correctly, web page content should not be able to display over the user interface. Certain styling can cause Opera to allow the content to be displayed outside the page, over the address field. This could allow a page…
If you received the error message “There was a problem initializing Opera Mail. Engine Init() Failed”, it may mean that you have a stand-alone (USB) installation of Opera. Although a stand-alone installation is not usual using our installer, this may sometimes be possible. For example, you may have chosen to install a test version (alpha,…
Severity Low Description When attempting to resolve a URL which cannot be interpreted as a legal URL, Opera will create an error page to display to the user when they load it. If enough invalid URLs can be created, Opera can use up all available disk space with these error pages, causing the browser or…
Severity High Description Data URIs are supposed to inherit the security context from the page that created them. In some cases, Opera does not enforce this correctly, and will allow unrelated data URIs to interact both with each other, and their source pages. This can be used to enable cross site scripting against the target…
Severity Critical Description Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional techniques will have to be employed. Opera’s response Opera Software has released Opera 11.11, where this issue has been fixed. Credits Thanks…
Severity High Description When using Opera Turbo, pages are requested by the Opera Turbo servers, sending the relevant HTTP headers for that request. In some cases, the headers are incorrectly taken from unrelated requests belonging to the same user, and may include sensitive information, or identification cookies from unrelated websites. Opera’s Response Opera Software has…
Severity Low Affected versions This issue affects Opera for Microsoft Windows. Description Opera’s downloads manager allows users to select a file, and open the folder containing that file. This file will be opened using the operating system’s file system viewer. In some cases, Opera will use the wrong executable when trying to show the folder…
Severity Moderate Description When using “Delete Private Data” and selecting the option to “Clear all email account passwords”, the passwords were not deleted immediately, and would continue to be used until the browser was restarted. This could unexpectedly allow continued access to those email accounts. Opera’s response Opera Software has released Opera 11.01, where this…
Severity High Description Internal opera: URLs which may be used to modify the Opera configuration have some intentional restrictions that are designed to mitigate possible clickjacking attacks. Certain manipulations can trick Opera into bypassing those restrictions, which would then allow clickjacking attacks to be carried out. Opera’s response Opera Software has released Opera 11.01, where…
