Malicious setRequestHeader cross-site vulnerability – Opera Security Advisories

Summary

 

A malicious setRequestHeader can be used to steal user credentials and inject cross-site JavaScript.

 

Severity: high

 

Opera’s response

 

Since version 8.02 of Opera, double newlines or a single newline not followed by a space are removed. Users with a version older than 8.02 should upgrade to the most recent version of Opera.
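
The filtering rule described above, written out as an added example (not Opera's code). The regular expression is one reading of the advisory's wording, and the `parseBlock` helper, the `Accept` and `X-Extra` header names, and the sample values are constructed for illustration.

```javascript
// Added illustration, not Opera's implementation. Assumed reading of the rule:
// a run of two or more line breaks is removed outright, and a single line
// break is removed unless a space follows it (a folded continuation line).
const BREAK = "(?:\\r\\n|\\r(?!\\n)|\\n)";
const UNSAFE_BREAKS = new RegExp(`${BREAK}{2,}|${BREAK}(?! )`, "g");

function sanitizeHeaderValue(value) {
  return String(value).replace(UNSAFE_BREAKS, "");
}

// Hypothetical helper: what a recipient would read from a serialized header
// block, i.e. the field names before the first empty line and any text after it.
function parseBlock(block) {
  const lines = block.split(/\r\n|\r|\n/);
  const end = lines.indexOf("");
  const fields = lines
    .slice(0, end)
    .filter((l) => !l.startsWith(" ") && l.includes(":")) // skip folded lines
    .map((l) => l.slice(0, l.indexOf(":")));
  return { fields, body: lines.slice(end + 1).join("\n").trim() };
}

// Constructed sample values for one header set through setRequestHeader.
const samples = {
  plain: "text/plain",
  folded: "text/plain,\r\n text/html",             // newline + space: kept
  extraField: "text/plain\r\nX-Extra: 1",          // single newline: removed
  endsHeaders: "text/plain\r\n\r\nbody text",      // double newline: removed
};

// Compare what the recipient sees without and with the filter applied.
function demo() {
  const out = {};
  for (const [label, value] of Object.entries(samples)) {
    out[label] = {
      before: parseBlock("Accept: " + value + "\r\n\r\n"),
      after: parseBlock("Accept: " + sanitizeHeaderValue(value) + "\r\n\r\n"),
    };
  }
  return out;
}

console.log(JSON.stringify(demo(), null, 2));
```

With the filter applied, every sample yields exactly one `Accept` field and an empty body, while the folded value passes through unchanged.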

 

Credits

 

Thanks to Yutaka OIWA for reporting this issue.