Opera Mini
by Opera
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4075 | Med | 0.40 | 6.1 | 0.01 | Apr 21, 2017 | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | ||
| CVE-2020-6158 | Med | 0.31 | 4.7 | 0.00 | Feb 21, 2025 | Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user… | ||
| CVE-2018-16135 | 0.00 | — | 0.01 | Dec 26, 2022 | The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site. | |||
| CVE-2021-23253 | 0.00 | — | 0.01 | Jan 11, 2021 | Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g.… | |||
| CVE-2019-18624 | 0.00 | — | 0.01 | Oct 29, 2019 | Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553,… | |||
| CVE-2019-13607 | 0.00 | — | 0.01 | Jul 18, 2019 | The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. | |||
| CVE-2012-5180 | 0.00 | — | 0.01 | Dec 26, 2012 | The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. |
- risk 0.40cvss 6.1epss 0.01
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
- risk 0.31cvss 4.7epss 0.00
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user…
- CVE-2018-16135Dec 26, 2022risk 0.00cvss —epss 0.01
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site.
- CVE-2021-23253Jan 11, 2021risk 0.00cvss —epss 0.01
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g.…
- CVE-2019-18624Oct 29, 2019risk 0.00cvss —epss 0.01
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553,…
- CVE-2019-13607Jul 18, 2019risk 0.00cvss —epss 0.01
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL.
- CVE-2012-5180Dec 26, 2012risk 0.00cvss —epss 0.01
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.