Vulnerabilities > Opera > Opera Browser > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-18 | CVE-2007-4944 | Information Disclosure vulnerability in Opera Web Browser The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | 5.0 |
| 2007-07-17 | CVE-2007-3819 | Unspecified vulnerability in Opera Browser 9.21 Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | 5.0 |
| 2007-06-11 | CVE-2007-3142 | Authentication Server Domain Spoofing vulnerability in Opera Browser 9.21 Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. network opera | 5.8 |
| 2007-04-13 | CVE-2007-2022 | Information Exposure vulnerability in multiple products Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | 6.8 |
| 2007-03-21 | CVE-2007-1563 | Information Exposure vulnerability in Opera Browser 9.10 The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |
| 2007-03-10 | CVE-2007-1377 | Resource Exhaustion vulnerability in multiple products AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | 5.0 |
| 2007-02-26 | CVE-2007-1115 | Cross-Site Scripting vulnerability in Opera Browser The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | 4.3 |
| 2007-02-07 | CVE-2007-0802 | Improper Input Validation vulnerability in multiple products Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | 6.4 |
| 2007-02-07 | CVE-2006-6970 | Permissions, Privileges, and Access Controls vulnerability in Opera Browser 9.10 Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | 5.0 |
| 2007-01-29 | CVE-2006-6955 | Improper Input Validation vulnerability in Opera Browser Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. | 4.3 |