Fast Forward can allow cross-site scripting – Opera Security Advisories

Severity

Highly Severe

Platforms

All desktop versions

Problem Description

If a link that uses a JavaScript URL triggers Opera’s Fast Forward feature, when the user activates Fast Forward, the script should run on the current page. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

Opera’s Response

Opera Software has released Opera 9.61, where this issue has been fixed.

Credits

Thanks to David Bloom for reporting this issue to Opera Software.