VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 21, 2010· Updated Apr 29, 2026

CVE-2010-4047

CVE-2010-4047

Description

Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Opera before 10.63 fails to properly isolate JavaScript on error pages, enabling user-assisted cross-site scripting attacks.

Vulnerability

Opera versions prior to 10.63 do not correctly select the security context for JavaScript code that runs on error pages. When a user visits a crafted web site that triggers an error page, the associated JavaScript may execute in an unintended security context, allowing cross-site scripting (XSS) attacks [2]. The vulnerability affects all Opera builds before 10.63 on all platforms.

Exploitation

An attacker can exploit this vulnerability by hosting a malicious web site that, when visited by a user running an affected Opera version, causes an error page to be displayed. The attacker's JavaScript code embedded in the error page then executes without proper security context isolation. User interaction is required (the user must visit the crafted site), but no additional authentication or privileges are needed.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the error page, which may lead to disclosure of sensitive information, session hijacking, or further compromise of the user's browser session. The attack is limited to the error page's origin, but can be leveraged for broader XSS attacks.

Mitigation

The vulnerability is fixed in Opera 10.63, released on October 20, 2010 [3][4]. Users should upgrade to Opera 10.63 or later. No workarounds are documented; upgrading is the recommended mitigation.

References
  1. Browser Problems? We can help you! | Help & FAQ | Opera
  2. Get to know Opera
  3. Get to know Opera

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

111
  • Opera/Opera Browser110 versions
    cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*+ 109 more
    • cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*range: <=10.62
    • cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.00:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.00:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.00:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.10:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.50:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.53:b:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.60:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:10.61:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.63:*:*:*:*:*:*:*
    • cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
  • Opera/Operallm-fuzzy
    Range: <10.63

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.