Severity Less severe Description Plug-ins may be used to seed the system clipboard with paths to a target file, while the user may not expect that to be the contents of the clipboard. If the user can be convinced to focus a file input and paste the contents of the clipboard, the file can then…
Severity Moderately severe Description When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to download it. The dialog will allow the user to choose to run the executable directly. If the user accidentally double clicks, the second click…
Severity Highly severe Description Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them…
Affected versions This vulnerability may be targeted through Opera for Windows. Severity Extremely Severe Description A flaw in the font handling on the Windows operating system has been fixed by Microsoft. On unpatched systems, Web fonts may be used to exploit this issue through Opera. Opera’s response For complete protection, users should apply the patch…
Affected versions This vulnerability affects Opera for Windows and Mac. Severity Extremely Severe Description Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed. Opera’s Response Opera Software has released…
Affected versions This vulnerability affects Opera 10.50. Severity Highly severe Description XSLT is normally subject to strict controls, preventing documents from separate Web sites from reading the contents of other sites. Certain XSLT constructs can cause Opera to retrieve the wrong contents for the resulting document. These contents will appear randomly from the cached versions…
Affected versions This vulnerability affects Opera for Microsoft Windows. Severity Highly Severe Description Large values in the HTTP Content-Length header can cause Opera to crash. Certain specific values can cause a memory corruption, which in some cases can allow arbitrary code to be injected and executed. In most cases Opera will just crash. To inject…
Summary CSS can be loaded cross-domain, and in some cases it is be possible to read the data pointed to, leading to the possibility of cross-domain data theft. Severity Moderate Opera’s response Opera Software has released Opera 10.10, where this issue has been fixed. Credits Thanks to Chris Evans from the Google Security Team for…
Description Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used…
Description Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could allow cross-site scripting, using code…
