Opera Browser
Approved changes feed: RSS · Atom
cpe:2.3:a:opera:opera_browser:10.00:beta_3:*:*:*:*:*:*
part: a version: 10.00 update: beta_3
| Vendor | Opera (59f0a105-cac9-5c1f-b0fb-85549d53b66c) |
|---|---|
| Product | Opera Browser (d93a8e16-25c9-511e-b4e8-687ae7be9e55) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2013-3210 |
vulnerable | 2026-06-08 05:04:30.392034 |
Details available
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
Published: 2013-04-19T10:00:00.000Z
Updated: 2024-09-16T23:15:57.128Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4072 |
vulnerable | 2026-06-08 04:51:46.843517 |
Details available
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
Published: 2009-11-24T17:00:00.000Z
Updated: 2024-08-07T06:54:08.447Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4071 |
vulnerable | 2026-06-08 04:51:46.841947 |
Details available
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
Published: 2009-11-24T17:00:00.000Z
Updated: 2024-08-07T06:54:08.602Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3013 |
vulnerable | 2026-06-08 04:51:31.822745 |
Details available
Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.
Published: 2009-08-31T16:00:00.000Z
Updated: 2024-08-07T06:14:55.168Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-2351 |
vulnerable | 2026-06-08 04:51:27.997714 |
Details available
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
Published: 2009-07-07T23:00:00.000Z
Updated: 2024-08-07T05:44:55.960Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.