Opera Mini

Opera Mini Android <=52.1: Address Bar Spoofing (CVE-2020-6158)
CVE-2020-6158 - February 21, 2025

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.

The Opera Mini application 47.1.2249.129326 for Android
CVE-2018-16135 6.5 - Medium - December 26, 2022

The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site.

Opera Mini for Android below 53.1 displays URL left-aligned in the address field
CVE-2021-23253 5.3 - Medium - January 11, 2021

Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue.

Opera Mini 13 and Opera Stable 36
CVE-2016-4075 6.1 - Medium - April 21, 2017

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.

Open Redirect