Severity
Highly Severe
Problem Description
Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This can cause the script to be run in the wrong security context.
Opera’s Response
Opera Software has released Opera 9.26, where this issue has been fixed.
Credits
Thanks to Max Leonov for reporting this issue to Opera Software.