Opera has fixed the following security issues with its latest browser: hidden keyboard navigation that could allow cross-site scripting or code execution; a combination of clicks and key presses that could lead to cross-site scripting or code execution; cross-domain JSON resources that may be exposed as JavaScript variable data; carefully timed reloads, redirects, and navigation that could spoof the address field; pages that could prevent navigation to a target page, spoofing of the address field; and a “moderate severity issue”, details of which will be disclosed at a “later date.”
In addition, Opera said it was adding a DNT function to its browser. In a blog, Opera researcher Karl Dubost explained why DNT is important to his company.
“We are both a browser implementer and a service provider. The recently released build will help us to understand the interactions and the issues it might create when a user is activating the DNT: 1 header. We would like to see how implementable the Working Group suggestions are on the server side too. Our social network, My.Opera, and the very useful Opera Mini browser have to be tested against the specification”, he wrote.