A Universal Cross-site scripting vulnerability in Opera browser was disclosed today on a Russian forum rdot.org . The flaw has the ability to be triggered by exploiting flaws inside browsers, instead of leveraging the vulnerabilities against insecure web sites.





"Vulnerable versions Opera for Windows, Mac and Linux to 2.12 inclusive (the latest version as of today). On versions prior to 9.50 check is not performed. advise after referring to the following opera when redirecting to a site on data: URL via HTTP -header Location property document.domain has a value in the last redirecting site"

The vulnerability actually use the Data URI Scheme in combination with another flaw called "Open Redirection" which happens when an attacker can use the webpage to redirect the user to any URI of his choice.





Even one don't have "Open Redirection" flaw in his site, still this XSS can be triggered using various short url services like bit.ly and tinyurl.com. Here 's a proof-of-concept link on tinyurl: https://tinyurl.com/operauxss . If you open this link in Opera, you will find yourself looking at an alert box saying "tinyurl.com".





This means that the javascript executes within the domain of tinyurl.com. Because of that, an attacker could read data within the domain and steal the users cookies for the domain as well.





There is a small Fix you can do -Go to Tools->Preferences->Advanced->Network and uncheck the checkbox labeled "Enable automatic redirection".