The links panel can allow cross-site scripting – Opera Security Advisories


Highly Severe

Problem Description

The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

Opera’s Response

Opera Software has released Opera 9.62, where this issue has been fixed.