Opera: >> Opera Browser >> 9.25 Security Vulnerabilities
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.
CVSS Score
7.8
EPSS Score
0.01
Published
2008-07-09
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced."
CVSS Score
5.0
EPSS Score
0.006
Published
2008-06-16
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
CVSS Score
5.0
EPSS Score
0.007
Published
2008-06-16
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
CVSS Score
9.3
EPSS Score
0.217
Published
2008-04-12
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.
CVSS Score
6.8
EPSS Score
0.013
Published
2008-02-29
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
CVSS Score
6.8
EPSS Score
0.012
Published
2008-02-29
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.
CVSS Score
4.3
EPSS Score
0.004
Published
2008-02-29
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
CVSS Score
2.6
EPSS Score
0.048
Published
2007-10-08
Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
CVSS Score
4.3
EPSS Score
0.007
Published
2007-01-29
Page 18