History Search can reveal browsing history – Opera Security Advisories


Extremely Severe


All desktop versions

Problem Description

Certain constructs are not escaped correctly by Opera’s History Search results. These can be used to inject scripts into the page, which can then be used to look through the user’s browsing history, including the contents of the pages they have visited. These may contain sensitive information.

Opera’s Response

Opera Software has released Opera 9.61, where this issue has been fixed.


Thanks to Roberto Suggi Liverani of Security-Assessment.com for reporting this issue to Opera Software.