Vulnerabilities > Opera > Opera Browser > 9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-08 | CVE-2007-5276 | Unspecified vulnerability in Opera Browser 9.0 Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80. network opera | 4.3 |
2007-09-18 | CVE-2007-4944 | Information Disclosure vulnerability in Opera Web Browser The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | 5.0 |
2007-08-15 | CVE-2007-4367 | Release of Invalid Pointer or Reference vulnerability in Opera Browser Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." | 9.3 |
2007-07-21 | CVE-2007-3929 | Use After Free vulnerability in Opera Browser Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | 9.3 |
2007-05-22 | CVE-2007-2809 | Classic Buffer Overflow vulnerability in Opera Browser Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. | 9.3 |
2007-04-13 | CVE-2007-2022 | Information Exposure vulnerability in multiple products Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | 6.8 |
2007-02-26 | CVE-2007-1115 | Cross-Site Scripting vulnerability in Opera Browser The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | 4.3 |
2007-01-29 | CVE-2006-6955 | Improper Input Validation vulnerability in Opera Browser Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |
2007-01-09 | CVE-2007-0127 | Code Injection vulnerability in Opera Browser The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. | 9.3 |
2006-10-17 | CVE-2006-4819 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Browser 9.0/9.01 Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). | 5.1 |