Data URIs may be used to initiate cross site scripting against unrelated sites – Opera Security Advisories

Severity

High

Description

Data URIs are supposed to inherit the security context of the page that created them. In some cases Opera does not enforce this correctly and allows unrelated data URIs to interact both with each other and with their source pages. This can be used to perform cross-site scripting against a target site, provided the target site contains some appropriate markup that allows it to be targeted.
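The policy the description states, and the way a flaw in it turns into cross-site scripting, as an added JavaScript model. This is not Opera's code and not the reporter's proof of concept; the hostnames, documents and the `flawedCanScript` model of the misbehaviour are constructed here for illustration, since the advisory does not say how Opera got it wrong. Note also that the inheritance rule modelled here is the 2011-era one the advisory describes; the current HTML standard instead gives a document loaded from a data: URL an opaque origin of its own.

```javascript
// Added example, not Opera's code. Models the origin policy the advisory
// describes for data: URI documents and the scenario in which a flaw in it
// becomes XSS. All URLs, hostnames and documents are constructed for
// illustration. Runs in Node (URL is a global there).

const isData = (url) => new URL(url).protocol === 'data:';

// Correct policy, as stated in the advisory: a data: document has no origin
// of its own and inherits the security context of the document that created
// it. http(s) documents take their origin from their own URL.
function effectiveOrigin(url, creatorOrigin = null) {
  const u = new URL(url);
  if (u.protocol === 'data:') {
    if (!creatorOrigin) throw new Error('data: document needs a creator to inherit from');
    return creatorOrigin;
  }
  if (u.protocol === 'http:' || u.protocol === 'https:') return u.origin;
  throw new Error(`scheme not modelled: ${u.protocol}`);
}

// A document is its URL plus the security context it ended up with.
// creatorOrigin is null for a top-level navigation the user initiated.
function makeDocument(url, creatorOrigin = null) {
  return { url, origin: effectiveOrigin(url, creatorOrigin) };
}

// Same-origin policy: two documents may script each other iff their
// effective origins match.
const canScript = (a, b) => a.origin === b.origin;

// Simplified model of the behaviour the advisory reports as the bug
// (assumption for illustration): unrelated data: documents could interact
// with each other regardless of which page created them.
const flawedCanScript = (a, b) =>
  (isData(a.url) && isData(b.url)) || canScript(a, b);

// Scenario: the target site carries markup that creates a data: document
// (the "appropriate markup" the advisory mentions), and the attacker's page
// creates an unrelated data: document of its own.
function scenario() {
  const target = makeDocument('https://target.example/profile');
  const targetData = makeDocument('data:text/html,<p>widget</p>', target.origin);
  const attacker = makeDocument('https://attacker.example/lure');
  const attackerData = makeDocument(
    'data:text/html,<script>/* attacker code */</script>', attacker.origin);

  return {
    // Correct policy: each data: document carries its creator's authority...
    targetDataIsTarget: canScript(targetData, target),          // true
    attackerDataIsAttacker: canScript(attackerData, attacker),  // true
    // ...so unrelated data: documents stay apart from each other and from
    // the other site's pages.
    correctCrossData: canScript(attackerData, targetData),      // false
    correctCrossSite: canScript(attackerData, target),          // false
    // Flawed behaviour: the attacker's data: document reaches the target's
    // data: document, which is same-origin with the target site. Script run
    // there is cross-site scripting against target.example.
    flawedCrossData: flawedCanScript(attackerData, targetData), // true
    flawedReachesTarget:
      flawedCanScript(attackerData, targetData) && canScript(targetData, target), // true
  };
}
```

The last two fields are the whole advisory in miniature: the target's own data: document is legitimately same-origin with the target, so any mechanism that lets an unrelated data: document interact with it hands the attacker the target's security context.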

Opera’s Response

Opera Software has released Opera 11.50, where all known variants of this issue have been fixed.


Credits

Thanks to Michal Zalewski of the Google Security Team for reporting this issue to Opera Software.