Severity Moderate Description CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to make Opera incorrectly treat remote CSS files as if they were CSS files from the document-origin server, allowing the interpreted parts of a remote file to be read…
Severity High Description Opera uses dynamic link libraries (DLLs) of its own, and several provided by the host operating system or plug-ins. In some cases, Opera searches for these DLLs in the same location as a resource that is being loaded, and if a malicious DLL is located, it will load that as if it…
Severity High Description Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques…
Severity Moderate Description Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the…
Severity Low Description When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent. Opera’s response Opera Software has released Opera 10.61, where this issue has been fixed. Credits Thanks to Alexios Fakos for…
Summary A vulnerability has been discovered in all current versions of the SSL and TLS protocols, that may allow an attacker to inject data and instructions into the HTTPS connection and trick the server to believe the date and instructions came from the client.The attacker accomplishes this by first establishing its own secure connection to…
Severity Highly severe Description Widgets may use File I/O to create, read, modify, or delete files, with the user’s permission. When using this functionality, Opera should request permission from the user, and ask for a location to use for the files that will be manipulated. In some cases, Opera fails to ask for permission, and…
Severity Moderately severe Description Opera uses several approaches to prevent spoofing of internationalized domain names (IDN) with characters that look similar to each other. With untrusted top-level domains, Opera prevents certain combinations of characters from being used in the same part of a domain name as each other, and should display them in punycode format…
Severity Less severe Description When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitive information which may be contained in the directory names. When manipulated by DOM this information should also not be exposed. Certain…
Severity Moderately severe Description In some cases, widget properties could be exposed to third party domains, leading to the possibility of leak of widget information, or configuration options for the widget. Opera’s response Opera Software has released Opera 10.50 for Windows, Opera 10.52 for Mac, and 10.60 for Linux and FreeBSD, where this issue has…
