Michael Markevich

Comments

Opera Privacy Statement Update 2022

August 29, 2022

Opera, a browser company based out of Oslo, Norway, cares deeply about user security and data protection. With that in mind, we actively work on improving our internal practices and communications with you, our users. We are making some changes to our privacy statement and would like to tell you about them. These changes reflect our commitment...

» Read more

Hans Metsoja

Comments

Opera’s Free Browser VPN Completes Independent Security Audit by Cure53

March 30, 2022

Today we’re happy to announce the completion of an independent security audit of Opera’s free built-in browser VPN. Opera’s free, no-log, built-in browser VPN was originally launched as part of the PC browser in 2016 and later added to the Opera browser on Android. It provides our users with an enhanced level of browser privacy. ...

» Read more

Joshua Rogers

Comments

Bug Bounty Adventures: A NodeBB 0-day

March 25, 2022

Opera maintains both a public bug bounty program, and a private program, where security researchers can submit security issues they have found in Opera’s products for cash rewards. We like to highlight some of the issues that have been submitted, to educate the community about the types of issues they should be on the look-out...

» Read more

Joshua Rogers

Comments

Fuzzing HTTP Proxies: Privoxy, Part 3

January 4, 2022

One of my earlier posts outlined how I had discovered six security vulnerabilities in the Privoxy software using the technique of fuzzing to cause the software to crash. This post outlines how I discovered three more vulnerabilities in Privoxy related to a non-crashing vulnerability: memory leaks. In many ways, fuzzing is much more than just...

» Read more

Joshua Rogers

Comments

Fuzzing HTTP Proxies: Squid, Part 2

October 1, 2021

The story of how Joshua Rogers found several CVEs in The Squid Caching Proxy

» Read more

Opera Team

5 comments

$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser

September 24, 2021

Continuing from his previous post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera's Bug Bounty Programme: a Remote Code Execution in Opera's My Flow Feature. What follows is his write-up and experience.

» Read more

Opera Team

Comments

Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser

September 8, 2021

Opera manages a Bug Bounty program where researchers can report vulnerabilities in Opera's software and be rewarded for it. For high quality reports, we like to invite researchers to write about their findings. In this post, Opera's Security Team has invited Bug Bounty Hunter Renwa to write about a recent vulnerability that he reported, which was subsequently fixed and $4,000 USD reward given. What follows is his write-up and experience.

» Read more