Opera SDRF bug exists in new Opera 11! filed in Chaos Construction Методы и техники Новые уязвимости on Dec.17, 2010 Summer, i published sdrf whitepaper: http://onsec.ru/onsec-whitepaper-01.eng.pdf This vulnerability which allows you to open a document with reference to the domain from which it was loaded in spite of http header Content-Type. New Opera 11 was released today which has the same vulnerability. For the demonstration suggest the following video: (Google Mail under Opera XSS attack PoC) Tags: Comments (1)