When a user double clicks on a page, they may expect the two clicks to target the same object. If a page uses the first click to open a pop-up window in a predictable location, the second click may focus parts of the new window, such as its address field. If the page can then convince the user to activate a scripted URL seeded in the address field, on a newly loaded target page within the pop-up, it can allow cross site scripting against the target page. Similar attacks could also be used against Opera’s preferences to change preferences or select executables to be run by Opera. Non-trivial social engineering would be required to ensure that the user followed the desired sequence of clicks and keypresses, at precisely the right speed, while ignoring the opening and loading of pages within the pop-up.
Opera Software has released Opera 12 and Opera 11.65, where this issue has been fixed.
Thanks to Jordi Chancel for reporting this issue to Opera Software.