Pages held in frames are able to change the location of pages in unrelated frames on the parent page – Opera Security Advisories

Severity: Less Severe


Problem Description:


Pages from different sources held on the same parent page should not be able to modify the locations of each other. In affected Opera versions, if a page contains frames from both a trusted but not secured, and an untrusted source, the untrusted page is able to replace the contents of a named trusted frame, causing it to display misleading information.

Note that since the untrusted frame could also display misleading information as its own contents, authors of sites containing sensitive information should not place frames from untrusted sources on their pages, without offering the user some means to identify the content as untrusted.


Opera’s Response:


Opera Software has released Opera 9.5, where this issue has been fixed.