Advisory: Images can be read cross-domain with canvas
Severity: Less Severe
HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable manipulation can cause Opera to reveal the image data to scripts.
Opera Software has released Opera 9.5, where this issue has been fixed.
Thanks to Philip Taylor for reporting this issue to Opera Software.