All the vulnerabilites related to Opera Software ASA - Opera
jvndb-2005-000530
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Vulnerability in multiple web browsers allowing request spoofing attacks
Details
Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.
In general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000530.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects available in JavaScript provide a function to communicate with a server without reloading a web page.\r\n\r\nIn general, JavaScript only allows communication within the same domain of the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000530.html", "sec:cpe": [ { "#text": "cpe:/a:mozilla:firefox", "@product": "Mozilla Firefox", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:mozilla_suite", "@product": "Mozilla Suite", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000530", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN31226748/", "@id": "JVN#31226748", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703", "@id": "CVE-2005-2703", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2703", "@id": "CVE-2005-2703", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/16911/", "@id": "SA16911", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/14923", "@id": "14923", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2005/1824", "@id": "FrSIRT/ADV-2005-1824", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-94", "@title": "Code Injection(CWE-94)" } ], "title": "Vulnerability in multiple web browsers allowing request spoofing attacks" }
jvndb-2012-000049
Vulnerability from jvndb
Published
2012-05-25 15:40
Modified
2012-07-26 17:31
Summary
Opera fails to verify SSL server certificates
Details
Opera contains an issue where it fails to verify SSL server certificates.
Opera is a web browser. Opera contains an issue where it fails to verify SSL server certificates.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html", "dc:date": "2012-07-26T17:31+09:00", "dcterms:issued": "2012-05-25T15:40+09:00", "dcterms:modified": "2012-07-26T17:31+09:00", "description": "Opera contains an issue where it fails to verify SSL server certificates.\r\n\r\nOpera is a web browser. Opera contains an issue where it fails to verify SSL server certificates.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000049", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN39707339/index.html", "@id": "JVN#39707339", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1251", "@id": "CVE-2012-1251", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1251", "@id": "CVE-2012-1251", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Opera fails to verify SSL server certificates" }
jvndb-2013-000086
Vulnerability from jvndb
Published
2013-09-12 14:13
Modified
2013-09-17 14:20
Summary
Opera vulnerable to cross-site scripting
Details
Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000086.html", "dc:date": "2013-09-17T14:20+09:00", "dcterms:issued": "2013-09-12T14:13+09:00", "dcterms:modified": "2013-09-17T14:20+09:00", "description": "Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8.", "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000086.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2013-000086", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN01094166/index.html", "@id": "JVN#01094166", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4705", "@id": "CVE-2013-4705", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4705", "@id": "CVE-2013-4705", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Opera vulnerable to cross-site scripting" }
jvndb-2014-000014
Vulnerability from jvndb
Published
2014-02-06 12:20
Modified
2014-02-10 19:09
Summary
Opera browser for Android issue in handling intent scheme URL's
Details
Opera browser for Android contains an issue in the handling of intent scheme URL's.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000014.html", "dc:date": "2014-02-10T19:09+09:00", "dcterms:issued": "2014-02-06T12:20+09:00", "dcterms:modified": "2014-02-10T19:09+09:00", "description": "Opera browser for Android contains an issue in the handling of intent scheme URL\u0027s.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000014.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000014", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN23256725/index.html", "@id": "JVN#23256725", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0815", "@id": "CVE-2014-0815", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0815", "@id": "CVE-2014-0815", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Opera browser for Android issue in handling intent scheme URL\u0027s" }
jvndb-2011-000010
Vulnerability from jvndb
Published
2011-02-02 14:53
Modified
2011-02-02 14:53
Summary
Opera may insecurely load executable files
Details
Opera may use unsafe methods for determining how to load executables (.exe).
Opera loads certain executables (.exe) when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000010.html", "dc:date": "2011-02-02T14:53+09:00", "dcterms:issued": "2011-02-02T14:53+09:00", "dcterms:modified": "2011-02-02T14:53+09:00", "description": "Opera may use unsafe methods for determining how to load executables (.exe).\r\n\r\nOpera loads certain executables (.exe) when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000010.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "5.1", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000010", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN33880169", "@id": "JVN#33880169", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0450", "@id": "CVE-2011-0450", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0450", "@id": "CVE-2011-0450", "@source": "NVD" }, { "#text": "http://osvdb.org/70726", "@id": "70726", "@source": "OSVDB" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Opera may insecurely load executable files" }
jvndb-2012-000080
Vulnerability from jvndb
Published
2012-08-30 14:00
Modified
2013-06-26 13:48
Summary
Opera address bar spoofing vulnerability
Details
Opera contains a vulnerability where the URL displayed in the address bar may be spoofed.
Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other.
Masahiro Yamada reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000080.html", "dc:date": "2013-06-26T13:48+09:00", "dcterms:issued": "2012-08-30T14:00+09:00", "dcterms:modified": "2013-06-26T13:48+09:00", "description": "Opera contains a vulnerability where the URL displayed in the address bar may be spoofed.\r\n\r\nOpera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other.\r\n\r\nMasahiro Yamada reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000080.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000080", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN69880570/index.html", "@id": "JVN#69880570", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4010", "@id": "CVE-2012-4010", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4010", "@id": "CVE-2012-4010", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Opera address bar spoofing vulnerability" }
jvndb-2011-000049
Vulnerability from jvndb
Published
2011-07-05 16:54
Modified
2011-07-05 16:54
Summary
Opera vulnerable to denial-of-service (DoS)
Details
Opera contains a denial-of-service vulnerability.
Opera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability.
Masahiro Yamada reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000049.html", "dc:date": "2011-07-05T16:54+09:00", "dcterms:issued": "2011-07-05T16:54+09:00", "dcterms:modified": "2011-07-05T16:54+09:00", "description": "Opera contains a denial-of-service vulnerability.\r\n\r\nOpera is a web browsing software. Opera contains an issue when attempting to resolve an invalid URL leading to a denial-of-service vulnerability.\r\n\r\nMasahiro Yamada reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000049.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000049", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN47757122/index.html", "@id": "JVN#47757122", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1337", "@id": "CVE-2011-1337", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1337", "@id": "CVE-2011-1337", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/45060", "@id": "SA45060", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/48501", "@id": "48501", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/68323", "@id": "68323", "@source": "XF" }, { "#text": "http:/osvdb.org/73486", "@id": "73486", "@source": "OSVDB" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" } ], "title": "Opera vulnerable to denial-of-service (DoS)" }
jvndb-2005-000800
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Opera bookmark function vulnerability
Details
Opera Software ASA's Opera Web Browser contains a vulnerability that may cause a crash upon next startup if a specially crafted web page is registered in the bookmark.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000800.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Opera Software ASA\u0027s Opera Web Browser contains a vulnerability that may cause a crash upon next startup if a specially crafted web page is registered in the bookmark.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000800.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000800", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN28011334/index.html", "@id": "JVN#28011334", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4210", "@id": "CVE-2005-4210", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4210", "@id": "CVE-2005-4210", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/17963", "@id": "SA17963", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/15813", "@id": "15813", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/23549", "@id": "23549", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2005/2846", "@id": "2846", "@source": "FRSIRT" }, { "#text": "http://www.osvdb.org/21641", "@id": "21641", "@source": "OSVDB" } ], "title": "Opera bookmark function vulnerability" }
jvndb-2009-000061
Vulnerability from jvndb
Published
2009-09-17 15:52
Modified
2009-09-17 15:52
Summary
Third-party cookie issue in Opera
Details
Opera contains an issue in which third-party cookies are not handled properly.
Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera.
Hideki Sakamoto of Tsukuba Secure Network Research Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | http://jvn.jp/en/jp/JVN39157969/index.html | |
No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Opera Software ASA | Opera |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000061.html", "dc:date": "2009-09-17T15:52+09:00", "dcterms:issued": "2009-09-17T15:52+09:00", "dcterms:modified": "2009-09-17T15:52+09:00", "description": "Opera contains an issue in which third-party cookies are not handled properly.\r\n\r\nOpera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for \"Accept only cookies from the site I visit\" from the default installation of Opera.\r\n\r\nHideki Sakamoto of Tsukuba Secure Network Research Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000061.html", "sec:cpe": { "#text": "cpe:/a:opera:opera_browser", "@product": "Opera", "@vendor": "Opera Software ASA", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000061", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN39157969/index.html", "@id": "JVN#39157969", "@source": "JVN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Third-party cookie issue in Opera" }