Image properties can be used to execute scripts – Opera Security Advisories


Highly Severe

Problem Description

Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This can cause the script to be run in the wrong security context.

Opera’s Response

Opera Software has released Opera 9.26, where this issue has been fixed.


Thanks to Max Leonov for reporting this issue to Opera Software.