Severity
Description
CSS can be loaded cross-domain. In some cases, files that do not contain CSS may be partially interpreted as CSS. It is possible to make Opera incorrectly treat remote CSS files as if they were CSS files from the document-origin server, allowing the interpreted parts of a remote file to be read by scripts, leading to the possibility of cross-domain data theft.
Opera’s response
Opera Software has released Opera 10.63, where this issue has been fixed.
Credits
Thanks to Isaac Dawson for reporting this issue to Opera Software.