Opera: >> Opera Browser >> 10.52 Security Vulnerabilities
Unspecified vulnerability in the auto-update functionality in Opera before 11.00 allows remote attackers to cause a denial of service (application crash) by triggering an Opera Unite update.
CVSS Score
5.0
EPSS Score
0.009
Published
2010-12-22
The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.
CVSS Score
10.0
EPSS Score
0.005
Published
2010-12-22
Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.
CVSS Score
9.3
EPSS Score
0.006
Published
2010-12-22
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.
CVSS Score
4.3
EPSS Score
0.009
Published
2010-10-21
Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.
CVSS Score
4.3
EPSS Score
0.007
Published
2010-10-21
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
CVSS Score
9.3
EPSS Score
0.045
Published
2010-10-21
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.
CVSS Score
4.3
EPSS Score
0.008
Published
2010-10-21
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVSS Score
4.3
EPSS Score
0.005
Published
2010-10-21
Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.
CVSS Score
4.3
EPSS Score
0.004
Published
2010-10-21
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.
CVSS Score
4.3
EPSS Score
0.007
Published
2010-10-21