Feed preview can reveal contents of unrelated news feeds – Opera Security Advisories

Severity

Highly Severe

Platforms

All desktop versions

Problem Description

When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.

Opera’s Response

Opera Software has released Opera 9.61, where this issue has been fixed.

Credits

Thanks to David Bloom for reporting this issue to Opera Software.