Vulnerabilities > Opera > Opera Browser > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-02-18 | CVE-2010-0653 | Information Exposure vulnerability in Opera Browser Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | 4.3 |
| 2009-11-24 | CVE-2009-4071 | Configuration vulnerability in Opera Browser Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. | 5.8 |
| 2009-10-30 | CVE-2009-3832 | Open Redirect vulnerability in Opera Browser Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | 5.8 |
| 2009-09-18 | CVE-2009-3269 | Resource Management Errors vulnerability in Opera Browser Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. | 5.0 |
| 2009-09-18 | CVE-2009-3266 | Cross-Site Scripting vulnerability in Opera Browser Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." | 4.3 |
| 2009-09-18 | CVE-2009-3265 | Cross-Site Scripting vulnerability in Opera Browser 10.00/9.0 Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. | 4.3 |
| 2009-09-18 | CVE-2008-7245 | Resource Management Errors vulnerability in Opera Browser Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. | 5.0 |
| 2009-09-02 | CVE-2009-3049 | Remote Security vulnerability in Opera Web Browser Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. | 5.0 |
| 2009-09-02 | CVE-2009-3048 | Improper Input Validation vulnerability in Opera Browser Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | 4.3 |
| 2009-09-02 | CVE-2009-3047 | Remote Security vulnerability in Opera Web Browser Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. network opera | 4.3 |