Vulnerabilities > Opera > Opera Browser > 9.22

DATE | CVE | VULNERABILITY TITLE | RISK

2009-08-31 | CVE-2009-3013 | Cross-Site Scripting vulnerability in Opera Browser | 4.3
Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.
network, opera, CWE-79

2009-07-22 | CVE-2009-2577 | Resource Management Errors vulnerability in Opera Browser | 5.0
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
network, low complexity, opera, CWE-399

2009-07-07 | CVE-2009-2351 | Cross-Site Scripting vulnerability in Opera Browser | 4.3
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.
network, opera, CWE-79

2009-06-15 | CVE-2009-2067 | Improper Authentication vulnerability in Opera Browser | 6.8
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
network, opera, CWE-287

2009-06-15 | CVE-2009-2063 | Improper Authentication vulnerability in Opera Browser | 6.8
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
network, opera, CWE-287

2009-06-15 | CVE-2009-2059 | Improper Authentication vulnerability in Opera Browser | 6.8
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
network, opera, CWE-287

2009-03-16 | CVE-2009-0916 | Multiple Security vulnerability in Opera Web Browser prior to 9.64 | critical 10.0
Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."
network, low complexity, opera

2009-03-16 | CVE-2009-0915 | Cross-site Scripting vulnerability in Opera Browser | 6.8
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
network, opera, CWE-79

2009-03-16 | CVE-2009-0914 | Resource Management Errors vulnerability in Opera Browser | critical 9.3
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
network, opera, CWE-399

2008-12-19 | CVE-2008-5683 | Information Exposure vulnerability in Opera Browser | 7.8
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
network, low complexity, opera, CWE-200