HTTP header leakage when using Opera Turbo – Opera Security Advisories

Severity

High

Description

When using Opera Turbo, pages are requested by the Opera Turbo servers, sending the relevant HTTP headers for that request. In some cases, the headers are incorrectly taken from unrelated requests belonging to the same user, and may include sensitive information, or identification cookies from unrelated websites.

Opera’s Response

Opera Software has fixed this issue with an update to the Opera Turbo servers, which will automatically take effect. No action is required by users.

Credits

Thanks to Mark Goodwin and Paul Crossley for reporting this issue to Opera Software.