Error messages can leak onto unrelated sites – Opera Security Advisories

Description

Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could allow cross-site scripting, using code provided by the attacking site. This issue only affects installations that have enabled stacktraces for exceptions, these are disabled by default.

Severity

Highly severe

Opera’s Response

Opera Software has released Opera 10.10 where this issue has been fixed.