U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 154 matching records.
Displaying matches 141 through 154.
Vuln ID Summary CVSS Severity
CVE-2009-4071

Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: November 24, 2009; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2009-3832

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

Published: October 30, 2009; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2009-3831

Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.

Published: October 30, 2009; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-3266

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content."

Published: September 18, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3049

Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.

Published: September 02, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-3048

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."

Published: September 02, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3047

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.

Published: September 02, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3046

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

Published: September 02, 2009; 1:30:01 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2009-3045

Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.

Published: September 02, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-2540

Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

Published: July 20, 2009; 2:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1599

Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

Published: May 11, 2009; 11:30:00 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-1234

Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.

Published: April 02, 2009; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5274

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Published: October 08, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-6955

Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

Published: January 29, 2007; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM