Opera's variation of this vulnerability was fixed back in Opera 10.10. The
information on this thread is incorrect. The issue shown here does not affect
Opera, and this code would not have produced an exploit in Opera, even in
pre-10.10 versions. All it will do is display a message showing that
Works on Opera 10.70. Build 9049 for Linux, too.
On Thu, 23 Sep 2010 04:23:47 -0600
i...@securitylab.ir wrote:
> Proof Of Concept:
>
> 1.html:
>
> {}body{DOM:
> Cross Domain Vulnerability
>
>
> 2.html:
>
> @import url("1.html");
>
>
> setTimeout(function(){
> var s = document.body.currentS
