Truncated dialogs may be used to trick users – Opera Security Advisories

Severity

Low

Description

When an important dialog is being displayed, such as a download dialog, the entire dialog should be visible, so that the user can clearly see what the dialog’s buttons will do. In some cases, specific user interactions can cause Opera not to enforce this correctly, allowing the window to become smaller than the dialog. The edge of the window remains visible, but users may assume misleading buttons on an underlying page are part of the dialog buttons, and click on the part of the dialog’s buttons that are still visible. This can be used to cause the user to download and run executables unexpectedly, or perform other unwanted actions.

 

Opera’s Response

Opera Software has released Opera 12.02 and Opera 11.67, where this issue has been fixed.