MidnightBSD

Advisories for opera_software

CVE-1999-1283 MEDIUM

Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera_web_browser 3.2.1
CVE-2001-0898 MEDIUM

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera_web_browser *
CVE-2001-1245 MEDIUM

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera_web_browser 5.0
CVE-2001-1491 MEDIUM

Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera_web_browser 5.1.1
CVE-2002-0243 HIGH

Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera_web_browser *
CVE-2002-0270 MEDIUM

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
opera_software opera_web_browser 9.10
CVE-2002-0783 HIGH

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera_web_browser 5.12
opera_software opera_web_browser 6.0
opera_software opera_web_browser 6.0.1
CVE-2002-0898 MEDIUM

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera_web_browser 6.0.2
opera_software opera_web_browser 6.0.1
CVE-2002-1091 HIGH

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netscape navigator 6.2
mozilla mozilla 0.9.6
mozilla mozilla 1.0
opera_software opera_web_browser 6.0
mozilla mozilla 0.9.5
opera_software opera_web_browser 6.0.1
netscape navigator 6.2.1
mozilla mozilla 0.9.7
mozilla mozilla 0.9.9
opera_software opera_web_browser 5.12
netscape navigator 6.2.2
netscape navigator 6.2.3
mozilla mozilla 0.9.8
CVE-2002-2311 MEDIUM

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
microsoft internet_explorer 5.0
microsoft internet_explorer 6.0
opera_software opera_web_browser 6.0.1
microsoft internet_explorer 5.5
microsoft internet_explorer 5.0.1
CVE-2002-2312 MEDIUM

Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera 6.0.1
CVE-2002-2332 MEDIUM

Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opera_software opera_web_browser 6.0.1
CVE-2002-2358 MEDIUM

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
opera_software opera_web_browser 6.0.4
opera_software opera_web_browser 6.0.3
opera_software opera_web_browser 6.0
opera_software opera_web_browser 6.0.2
opera_software opera_web_browser 6.0.1
CVE-2002-2414 MEDIUM

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera 6.0.3
squid squid 2.4
CVE-2005-0233 HIGH

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mozilla mozilla *
opera opera_browser *
mozilla camino 0.8.5
mozilla firefox 1.0
omnigroup omniweb 5
opera_software opera_web_browser 7.54