Description
Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unix/1200/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1165/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1200/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1200/
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/1019/
Scores
EPSS
0.0038
EPSS Percentile
59.4%
Details
CWE
CWE-264
Status
published
Products (29)
opera/opera_browser
5.0 (8 CPE variants)
opera/opera_browser
5.02
opera/opera_browser
5.10
opera/opera_browser
5.11
opera/opera_browser
5.12
opera/opera_browser
6.0 (7 CPE variants)
opera/opera_browser
6.1 (2 CPE variants)
opera/opera_browser
6.01
opera/opera_browser
6.02
opera/opera_browser
6.03
... and 19 more
Published
Jun 14, 2012
Tracked Since
Feb 18, 2026