Cross-domain data theft with CSS load – Opera Security Advisories

Summary

CSS can be loaded cross-domain, and in some cases it is be possible to read the data pointed to, leading to the possibility of cross-domain data theft.

Severity

Moderate

Opera’s response

Opera Software has released Opera 10.10, where this issue has been fixed.

Credits

Thanks to Chris Evans from the Google Security Team for reporting this issue to Opera Software.