Hijacking Opera’s Native Page using malicious RSS payloads


The Opera browser is a popular alternative to Internet Explorer, Google Chrome, and Safari.  Its clean look and unique features make it an appealing option for users unhappy with their current browser or anyone looking to try something new.

However, as with most software products, Opera does have its drawbacks, namely a security vulnerability that allows another user to take control of the Opera browser.

This vulnerability is exploited using Rich Site Summary (RSS) feeds.

It begins when a user clicks on an RSS feed link in an email or on a web page.  As the page is loaded into Opera, JavaScript supplied by the malicious RSS feed is executed.  This malicious code then allows an illicit actor to take control of the Opera browser.

Although the Opera developers recognized this issue, it appears their solution does not completely eliminate the vulnerability.  The solution was to permit only certain HTML tags to execute from RSS feeds, which leaves open the possibility of illicit actors finding other HTML tags to exploit the vulnerability.

This information is not intended to scare anyone away from Opera.  Rather, it is intended to make you aware of the vulnerability.

Remember, never click an untrusted link you receive through email or on a web page.  You never know what malicious code is lurking in the background, waiting for an unsuspecting user to become a victim.
