History.state can leak the state data from cross domain pages – Opera Security Advisories




When a site uses history.pushState and history.replaceState to add or replace history entries, it can also provide optional data, which may typically be used to restore the given state when the user navigates through their browser history. When pages with cross-domain frames use this functionality, Opera does not restrict that state data to the page that created it, and may allow other pages in that frame hierarchy to read the state data. This could leak whatever data is stored, which may in rare cases contain sensitive information.

Opera’s Response

Opera Software has released Opera 11.62, where this issue has been fixed.