Oct 13, 2010 06:26 GMT

The newly released Opera 10.63 addresses several same-origin policy issues that can lead to cross-site scripting attacks and theft of sensitive information.

In total, there are five vulnerabilities fixed in the new Opera version, four stemming from failure to properly detect a resource's origin and one involving address bar spoofing.

The most serious flaw allows bypassing the JavaScript same-origin policy by carefully timing a series of redirects, reloads and caching.

Opera rates this bug as critical because successful exploitation can result in cross-site scripting (XSS) attacks that modify the browser's configuration in order to facilitate arbitrary code execution.

A different flaw of moderate severity was identified on Opera's error page, which is displayed when accessing invalid URLs.

This page contains a link to the bogus URL, which attackers can craft to execute scripts in the context of an arbitrary domain. In order for this to be exploited, the victim must be tricked into opening the malformed link.

Another vulnerability can facilitate data theft attacks by tricking the browser into interpreting certain portions of non-CSS files as CSS.

"It is possible to make Opera incorrectly treat remote CSS files as if they were CSS files from the document-origin server, allowing the interpreted parts of a remote file to be read by scripts, leading to the possibility of cross-domain data theft," the browser developers explain.

The last cross-site bug is related to the origin of video streams displayed inside the HTML5 canvas. Under normal circumstances Opera allows scripts to access this content only if the stream is loaded from the same domain as the page.

However, in some cases, when the stream is loaded from an external source, the browser fails to block script access to it, which allows attackers to snoop on private video content.

The final security issue fixed in Opera 10.63 is rated as low severity and involves manipulating how the URL appears in the address bar by resizing the browser window via scripting.

In some cases the beginning of the URL can be hidden, which can be used to trick users into believing that they are on a different page.

Users who were running Opera 10.63 RC2 already have the latest version, as this has been promoted to final. This release fixes numerous stability and usability issues, as well.

The latest version of Opera for Windows can be downloaded from here.

The latest version of Opera for Linux can be downloaded from here.

The latest version of Opera for Mac can be downloaded from here.