Opera SDRF bug exists in new Opera 11!
filed in Chaos Construction, Методы и техники, Новые уязвимости, Практика on Dec.17, 2010
Summer, i published sdrf whitepaper: http://onsec.ru/onsec-whitepaper-01.eng.pdf This vulnerability which allows you to open a document with reference to the domain from which it was loaded in spite of http header Content-Type. New Opera 11 was released today which has the same vulnerability. For the demonstration suggest the following video: (Google Mail under Opera XSS attack PoC)