Data URIs can be used to facilitate Cross-Site Scripting – Opera Security Advisories

Severity

High

Description

A data URI document is only supposed to inherit the scripting origin of the document that created it, for example the page that used the data URI as the target of a link or as the source of an inline frame. Specific sequences of document and data URI loading can cause Opera to forget which document created the data URI, so that the data URI document inherits the scripting origin of a target page instead. The data URI document is then allowed to interact with the target page (read its DOM, run script in its context) rather than with the document that created it, resulting in cross-site scripting (XSS).
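The following test page is an added example, not part of the advisory and not Opera's code. It checks the origin rule the advisory describes: a data: URI inline frame created by this page should be able to script its creator and must not be able to script an unrelated cross-origin frame. The hostnames creator.example (where the harness is served from) and target.example (the cross-origin page loaded into the frame named target) are assumed placeholders; the data: document reports its result to the parent with postMessage so the outcome is visible whichever origin it was given.

```html
<!-- harness.html, assumed to be served from https://creator.example/ (added example) -->
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>data: URI origin inheritance check</title>
</head>
<body>
  <!-- Cross-origin page that the data: document must NOT be able to script.
       https://target.example/ is an assumed placeholder URL. -->
  <iframe name="target" src="https://target.example/"></iframe>
  <pre id="log"></pre>
  <script>
    // Script that will run inside the data: document. It probes two things:
    //   1. can it reach its creator (this page)?     expected: yes, if the
    //      browser gives data: documents the creator's origin
    //   2. can it reach the cross-origin target frame? expected: never
    // Named lookup of a child frame (parent.frames["target"]) is permitted
    // across origins; it is the .document access that must throw.
    var probe = [
      'var r;',
      'try { parent.document.title; r = "creator: reachable"; }',
      'catch (e) { r = "creator: blocked (" + e.name + ")"; }',
      'try { parent.frames["target"].document.title; r += " / target: REACHABLE (bug)"; }',
      'catch (e) { r += " / target: blocked (" + e.name + ")"; }',
      'parent.postMessage(r, "*");'
    ].join('\n');

    // Create the data: document from this page, so this page is its creator.
    var f = document.createElement('iframe');
    f.src = 'data:text/html;charset=utf-8,' +
      encodeURIComponent('<script>' + probe + '<\/script>');

    window.addEventListener('message', function (ev) {
      // Only accept the report from the frame we created; ev.origin will be
      // "null" for an opaque-origin data: document or this page's origin if
      // the creator's origin was inherited.
      if (ev.source !== f.contentWindow) { return; }
      document.getElementById('log').textContent +=
        'origin=' + ev.origin + ' ' + ev.data + '\n';
    });

    document.body.appendChild(f);
  </script>
</body>
</html>
```

With the behaviour the advisory describes as intended, the log line reads "creator: reachable / target: blocked (SecurityError)" (the exact error name may differ by browser). A browser affected by the bug described above would, after the loading sequence that triggers it, report "target: REACHABLE (bug)". Note that current browsers give data: documents an opaque origin rather than the creator's, so they report "creator: blocked" as well; the check that matters for this advisory is that the target line is never "REACHABLE".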

Opera’s Response

Opera Software has released Opera 12.10, where this issue has been fixed.

Credits

Thanks to multiple users who reported this issue to Opera Software after its details were publicized.