Opera
Search the knowledge base
Advisory: History Search can reveal browsing history
Severity
Extremely Severe
Platforms
All desktop versions
Problem Description
Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive information.
Opera's Response
Opera Software has released Opera 9.61, where this issue has been fixed.
Credits
Thanks to Roberto Suggi Liverani of Security-Assessment.com for reporting this issue to Opera Software.
Browse through articles in the same categories:
advisory
Support
- Overview
- Get started
- Register Opera Mobile
- Knowledge base
- Online communities
- Reporting bugs
- Opera Web Mail
- Access Opera
- Premium support
- Contact support
- Documentation
Opera Help
Need help? Hit F1 anytime while using Opera to access our online help files, or go here.
View mobile site
Copyright © 2009 Opera Software ASA. All rights reserved.