Multiple vulnerabilities in Opera

Description

Multiple vulnerabilities were found in Opera Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

1. Cross-origin data leak vulnerability can be exploited to arbitrary code execution;
2. Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing;
3. URL spoof vulnerability in navigation can be exploited to arbitrary code execution;
4. Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution;
5. Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information;
6. File download protection bypass vulnerability can be exploited to arbitrary code execution;
7. Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution;
8. Use-after-free vulnerability in media can be exploited to arbitrary code execution;
9. IDN spoof vulnerability can be exploited to arbitrary code execution;
10. CSP bypass vulnerability can be exploited to arbitrary code execution;
11. CSS injection vulnerability can be exploited to arbitrary code execution;
12. Cross-context information leak vulnerability can be exploited to arbitrary code execution;
13. Extension permission bypass vulnerability can be exploited to arbitrary code execution;
14. Service worker state error vulnerability can be exploited to arbitrary code execution;
15. Address bar spoofing vulnerability can be exploited to arbitrary code execution;
16. Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service;
17. File storage disclosure vulnerability can be exploited to arbitrary code execution;
18. URL bar spoofing vulnerability can be exploited to arbitrary code execution;
19. Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution;
20. HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;

Original advisories

• Changelog for Opera 65

• Stable Channel Update for Desktop

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Opera

CVE list

• CVE-2019-13699
  high
• CVE-2019-13700
  high
• CVE-2019-13701
  warning
• CVE-2019-13702
  high
• CVE-2019-13703
  warning
• CVE-2019-13704
  warning
• CVE-2019-13705
  warning
• CVE-2019-13706
  high
• CVE-2019-13707
  warning
• CVE-2019-13708
  warning
• CVE-2019-13709
  warning
• CVE-2019-13710
  warning
• CVE-2019-13711
  warning
• CVE-2019-15903
  warning
• CVE-2019-13713
  warning
• CVE-2019-13714
  warning
• CVE-2019-13715
  warning
• CVE-2019-13716
  warning
• CVE-2019-13717
  warning
• CVE-2019-13718
  warning
• CVE-2019-13719
  warning
• CVE-2019-13765
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com