Vulnerabilities > Opera > Opera Browser > Low

DATE CVE VULNERABILITY TITLE RISK
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7
2012-06-14 CVE-2012-3558 Permissions, Privileges, and Access Controls vulnerability in Opera Browser
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.
network
high complexity
opera CWE-264
2.6
2011-01-31 CVE-2011-0685 Improper Input Validation vulnerability in Opera Browser
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
local
low complexity
opera CWE-20
2.1
2010-12-22 CVE-2010-4583 Unspecified vulnerability in Opera Browser
Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site.
network
high complexity
opera
2.6
2010-12-22 CVE-2010-4584 Cryptographic Issues vulnerability in Opera Browser
Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site.
network
high complexity
opera CWE-310
2.6
2007-10-08 CVE-2007-5274 Unspecified vulnerability in SUN Jdk, JRE and SDK
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.
network
high complexity
mozilla opera sun
2.6
2005-09-21 CVE-2005-3007 Injection vulnerability in Opera Browser
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
network
high complexity
opera CWE-74
2.6
2005-07-13 CVE-2005-2273 Unspecified vulnerability in Opera Browser
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
network
high complexity
opera
2.6
2004-12-31 CVE-2004-1489 Exposure of Resource to Wrong Sphere vulnerability in Opera Browser
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
network
high complexity
opera CWE-668
2.6
2004-12-31 CVE-2004-1490 Unspecified vulnerability in Opera Browser
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.
network
high complexity
opera
2.6