Severity
Moderate
Description
Plug-ins may use operating system features to detect key presses when the plug-in is focused. If the plug-in does not detect its own focused state correctly, it can detect key presses when other pages are focused, allowing the plug-in content to detect key presses intended for pages from other sites, or other parts of the browser, such as the address field. At least one major plug-in has been demonstrated to have this weakness.
Affected Versions
This issue affects Opera for Microsoft Windows, with relevant plug-ins installed.
Opera’s Response
Opera Software has released Opera 11.60, where plug-in content is prevented from detecting key presses directed at other pages or the browser interface.
Credits
Thanks to Ananev Alexey for reporting this issue to Opera Software.