Advisory: Data URIs can be used to allow cross-site scripting Severity: Highly severe = Description = Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be opened.Opera's response Opera Software has released Opera 10.54 on Windows and Mac, and Opera 10.11 on Linux and FreeBSD, where this issue has been fixed. Arch teams, please test and mark stable: =www-client/opera-10.11 Target KEYWORDS="amd64 ppc x86"
x86 stable
amd64 stable, ppc doesn't seem to have 10.1[10] keyworded btw
Correct. There is no Qt3 left to support PPC.
GLSA Vote: yes.
We have an opera GLSA pending, it will be added there.
This issue was resolved and addressed in GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml by GLSA coordinator Sean Amoss (ackle).