Image properties can be used to execute scripts – Opera Security Advisories

Severity

Highly Severe

Problem Description

Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This can cause the script to be run in the wrong security context.

Opera’s Response

Opera Software has released Opera 9.26, where this issue has been fixed.

Credits

Thanks to Max Leonov for reporting this issue to Opera Software.