Product

Opera 8.51

View All Versions

Vulnerabilities

Unspecified	CVE-2008-1764 CVE-2009-0915
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	CVE-2008-4696 CVE-2008-4795
Improper Authentication	CVE-2009-2068 CVE-2009-2068
Information Exposure	CVE-2008-4695
Improper Input Validation	CVE-2008-4794
Resource Management Errors	CVE-2008-5679

Security Grade

432

of 1000

SECURITY GRADE

Vulnerability History

Weakness Analysis

Unspecified 2/9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2/9

Improper Authentication 2/9

Information Exposure 1/9

Improper Input Validation 1/9

Resource Management Errors 1/9

CVE-2008-1764
CVE-2009-0915
CVE-2008-4696
CVE-2008-4795
CVE-2009-2068
CVE-2009-2068
CVE-2008-4695
CVE-2008-4794
CVE-2008-5679

Related Vulnerabilities

Vulnerability	Severity Score	Release Date	Summary
CVE-2008-1764	9.3	April 12, 2008	Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
CVE-2008-4695	9.3	Oct. 23, 2008	Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.
CVE-2008-4696	4.3	Oct. 23, 2008	Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
CVE-2008-4794	9.3	Oct. 30, 2008	Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
CVE-2008-4795	4.3	Oct. 30, 2008	The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
CVE-2008-5679	9.3	Dec. 19, 2008	The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
CVE-2009-0915	6.8	March 16, 2009	Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
CVE-2009-2068	5.8	June 15, 2009	Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
CVE-2009-2068	5.8	June 15, 2009	Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Followers