Unexpected changes in tab focus can be used to run programs from the Internet – Opera Security Advisories

Severity

Moderate

Description

Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causing the downloaded file to be executed.

Previous versions of Opera had a delay before the button would respond to counteract this possibility. A recent interface change caused this protection not to function correctly.

Opera’s response

Opera Software has released Opera 10.61 where this issue has been fixed.

Credits

Thanks to Jakob Balle and Sven Krewitt of Secunia for reporting this issue to Opera Software.