CVE-2012-3556

critical

Published 2012-06-14 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

9.3

Description

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
opera	opera_browser	`{"endIncluding":"11.62"}`
opera	opera_browser	`5.0`
opera	opera_browser	`5.02`
opera	opera_browser	`5.10`
opera	opera_browser	`5.11`
opera	opera_browser	`5.12`
opera	opera_browser	`6.0`
opera	opera_browser	`6.1`
opera	opera_browser	`6.01`
opera	opera_browser	`6.02`
opera	opera_browser	`6.03`
opera	opera_browser	`6.04`
opera	opera_browser	`6.05`
opera	opera_browser	`6.06`
opera	opera_browser	`6.11`
opera	opera_browser	`6.12`
opera	opera_browser	`7.0`
opera	opera_browser	`7.01`
opera	opera_browser	`7.02`
opera	opera_browser	`7.03`
opera	opera_browser	`7.10`
opera	opera_browser	`7.11`
opera	opera_browser	`7.20`
opera	opera_browser	`7.21`
opera	opera_browser	`7.22`
opera	opera_browser	`7.23`
opera	opera_browser	`7.50`
opera	opera_browser	`7.51`
opera	opera_browser	`7.52`
opera	opera_browser	`7.53`
opera	opera_browser	`7.54`
opera	opera_browser	`8.0`
opera	opera_browser	`8.01`
opera	opera_browser	`8.02`
opera	opera_browser	`8.50`
opera	opera_browser	`8.51`
opera	opera_browser	`8.52`
opera	opera_browser	`8.53`
opera	opera_browser	`8.54`
opera	opera_browser	`9.0`
opera	opera_browser	`9.01`
opera	opera_browser	`9.02`
opera	opera_browser	`9.10`
opera	opera_browser	`9.20`
opera	opera_browser	`9.21`
opera	opera_browser	`9.22`
opera	opera_browser	`9.23`
opera	opera_browser	`9.24`
opera	opera_browser	`9.25`
opera	opera_browser	`9.26`
opera	opera_browser	`9.27`
opera	opera_browser	`9.50`
opera	opera_browser	`9.51`
opera	opera_browser	`9.52`
opera	opera_browser	`9.60`
opera	opera_browser	`9.61`
opera	opera_browser	`9.62`
opera	opera_browser	`9.63`
opera	opera_browser	`9.64`
opera	opera_browser	`10.00`
opera	opera_browser	`10.01`
opera	opera_browser	`10.10`
opera	opera_browser	`10.11`
opera	opera_browser	`10.50`
opera	opera_browser	`10.51`
opera	opera_browser	`10.52`
opera	opera_browser	`10.53`
opera	opera_browser	`10.54`
opera	opera_browser	`10.60`
opera	opera_browser	`10.61`
opera	opera_browser	`10.62`
opera	opera_browser	`10.63`
opera	opera_browser	`11.00`
opera	opera_browser	`11.01`
opera	opera_browser	`11.10`
opera	opera_browser	`11.11`
opera	opera_browser	`11.50`
opera	opera_browser	`11.51`
opera	opera_browser	`11.52`
opera	opera_browser	`11.60`
opera	opera_browser	`11.61`

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.