Vulnerabilities > Opera

DATE CVE VULNERABILITY TITLE RISK
2020-12-23 CVE-2020-6159 Cross-Site Scripting vulnerability in Opera 52.1.2517.139570/54.0.2669.49432
URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed.
network
opera CWE-79
4.3
2020-11-13 CVE-2020-6157 Unspecified vulnerability in Opera Touch
Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack.
network
opera
4.3
2020-03-12 CVE-2019-12278 Unspecified vulnerability in Opera 52.1.2517.139570
Opera through 53 on Android allows Address Bar Spoofing.
network
opera
4.3
2019-12-18 CVE-2019-19788 Unspecified vulnerability in Opera 52.1.2517.139570
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack.
local
low complexity
opera
2.1
2019-10-29 CVE-2019-18624 Improper Input Validation vulnerability in Opera Mini 44.1.2254.142553/44.1.2254.142659/44.1.2254.143214
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt.
network
low complexity
opera CWE-20
7.5
2019-07-18 CVE-2019-13607 Cross-Site Scripting vulnerability in Opera Mini 16.0.14
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL.
network
opera CWE-79
4.3
2019-03-21 CVE-2018-18913 Untrusted Search Path vulnerability in Opera Browser
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target.
6.9
2018-03-28 CVE-2018-6608 Information Exposure vulnerability in Opera Browser 51.0.2830.55
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
network
opera CWE-200
4.3
2017-04-21 CVE-2016-4075 Open Redirect vulnerability in Opera Browser and Opera Mini
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
network
opera CWE-601
5.8
2017-01-26 CVE-2016-6908 Open Redirect vulnerability in Opera Browser 37.0.2192.105088
Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL.
network
opera CWE-601
5.8