Opera: >> Opera Browser >> 11.50 Security Vulnerabilities
Opera before 11.51 allows remote attackers to cause an insecure site to appear secure or trusted via unspecified actions related to Extended Validation and loading content from trusted sources in an unspecified sequence that causes the address field and page information dialog to contain security information based on the trusted site, instead of the insecure site.
CVSS Score
4.3
EPSS Score
0.01
Published
2011-09-06
Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVSS Score
5.8
EPSS Score
0.004
Published
2011-08-09
Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-07-01
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
CVSS Score
10.0
EPSS Score
0.005
Published
2011-07-01
Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-07-01
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.
CVSS Score
5.0
EPSS Score
0.005
Published
2011-07-01