Opera Public Bug Bounty

Opera is a leading global internet brand with a large, engaged and growing base of over 380 million average monthly active users.

  • $50 – $5,000 per vulnerability
  • Up to $10,000 maximum reward
  • Safe harbor
Submit report

Opera Bug Bounty Newsletter - 6th of October 2021

Opera Bug Bounty Newsletter - 6th of October 2021

I. New scope in the program

Opera Mini has been added to the scope of the Opera Public Bug Bounty Program and is awaiting your submissions. Please mind the list of exclusions though.

II. XSS to RCE + XSS to local file read in Opera PC = 12K USD in bounties

Bug hunter Renwa has reported some interesting high-impact vulnerabilities to the Opera Private Bug Bounty Program. We invited him to write up his work on the Opera Security Blog.

The first blog post describes an XSS that led to local file read which snagged him a 4K USD bounty.

The second one describes an XSS to RCE, where he was then awarded 8K USD.

III. Squid hack write-up

Our teammate, Joshua Rogers, has conducted a fuzing attack on forwarding proxies, Privoxy and Squid. He’s just published a write-up of part of that work on the Opera Security Blog. Five CVEs are described.

Regards,
Opera Security Team

TheOperaSinger
TheOperaSinger