CVE-2010-4582

Opera < 11.00 - Security Policy Bypass via Extension Update

Title source: llm

Description

Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/windows/1100/

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42653

Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/unix/1100/

Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/mac/1100/

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Scores

EPSS 0.0028

EPSS Percentile 51.8%

Details

CWE

CWE-264

Status published

Products (30)

opera/opera_browser 5.0 (8 CPE variants)

opera/opera_browser 5.02

opera/opera_browser 5.10

opera/opera_browser 5.11

opera/opera_browser 5.12

opera/opera_browser 6.0 (6 CPE variants)

opera/opera_browser 6.1 (2 CPE variants)

opera/opera_browser 6.01

opera/opera_browser 6.02

opera/opera_browser 6.03

... and 20 more

Published Dec 22, 2010

Tracked Since Feb 18, 2026