Opera

Opera Browser

282 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2009-3266

Exploit
  • EPSS 0.8%
  • Veröffentlicht 18.09.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds...

5

CVE-2009-3269

  • EPSS 0.54%
  • Veröffentlicht 18.09.2009 22:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.

5

CVE-2009-3045

  • EPSS 0.25%
  • Veröffentlicht 02.09.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.

7.5

CVE-2009-3046

  • EPSS 0.14%
  • Veröffentlicht 02.09.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

4.3

CVE-2009-3047

  • EPSS 0.6%
  • Veröffentlicht 02.09.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.

4.3

CVE-2009-3048

  • EPSS 0.32%
  • Veröffentlicht 02.09.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."

5

CVE-2009-3049

  • EPSS 0.6%
  • Veröffentlicht 02.09.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.

5

CVE-2009-3044

  • EPSS 0.33%
  • Veröffentlicht 02.09.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL serve...

4.3

CVE-2009-3013

Exploit
  • EPSS 0.28%
  • Veröffentlicht 31.08.2009 16:30:06
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location...

5

CVE-2009-2577

  • EPSS 0.47%
  • Veröffentlicht 22.07.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.