CVE-2018-16135
https://notcve.org/view.php?id=CVE-2018-16135
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site. La aplicación Opera Mini 47.1.2249.129326 para Android permite a atacantes remotos falsificar el cuadro de diálogo Permiso de ubicación a través de un sitio web manipulado. • https://payatu.com/advisory/opera-mini-location-permission-spoof- •
CVE-2021-23253
https://notcve.org/view.php?id=CVE-2021-23253
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue. Opera Mini para Android versiones por debajo de 53.1, muestra la URL alineada a la izquierda en el campo de dirección. • https://security.opera.com/address-bar-spoofing-in-opera-mini-opera-security-advisories •
CVE-2019-18624
https://notcve.org/view.php?id=CVE-2019-18624
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. Opera Mini para Android, permite a atacantes omitir las restricciones previstas en la descarga e instalación de archivos .apk mediante un enfoque RTLO (también se conoce como Right to Left Override), como es demostrado mediante la interpretación errada de malicious%E2%80%AEtxt.apk como maliciouskpa.txt. Esto afecta a las versiones 44.1.2254.142553, 44.1.2254.142659 y 44.1.2254.143214. • http://firstsight.me/2019/10/illegal-rendered-at-download-feature-in-several-apps-including-opera-mini-that-lead-to-extension-manipulation-with-rtlo https://medium.com/%40YoKoKho/illegal-rendered-at-download-feature-in-opera-mini-that-lead-to-extension-manipulation-with-rtlo-685bf2d77d51 •
CVE-2019-13607
https://notcve.org/view.php?id=CVE-2019-13607
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. La aplicación Opera Mini hasta el 16.0.14 para iOS tiene una vulnerabilidad de UXSS que puede activarse al realizar la navegación a una javascript: URL. • https://blog.rakeshmane.com/2019/07/u-xss-in-operamini-for-ios-browser-0-day.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4075
https://notcve.org/view.php?id=CVE-2016-4075
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. Opera Mini 13 y Opera Stable 36 permite a atacantes remotos suplantar el URL visualizada a través de un documento HTML manipulado, relacionado con about:blank URL. • http://abhikafle.com.np/opera-url-spoofing-poc http://www.securityfocus.com/bid/98004 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •