Summary
A malicious setRequestHeader can be used to stealuser credentials and inject cross-site JavaScript.
Severity: high
Opera’s response
Since version 8.02 of Opera, double newlinesor a single newline not followed by a space areremoved. Users with a version older than 8.02should upgrade to the most recent version ofOpera.
Credits
Thanks to Yutaka OIWA for reporting this issue.