@tnowak This issue has been addressed ! I note your comment for future reports
Best posts made by doliere
-
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
Latest posts made by doliere
-
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@tnowak This issue has been addressed ! I note your comment for future reports
-
Opera for computersRE: The ability for extension to tamper with Cross-Origin Resource Sharing (CORS) headers disables the Same Origin Policy (SOP) in Opera
@burnout426 Ok thanks !
-
Opera for computersRE: The ability for extension to tamper with Cross-Origin Resource Sharing (CORS) headers disables the Same Origin Policy (SOP) in Opera
Any comment about this issue ?
-
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@leocg Do you think that Opera should do something, during extensions review process, in order to remove extensions that can be exploited via message passing ?
-
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@leocg Ok thanks. I found that most of the extensions I reported have been removed. But I reported some other 4 that are still on the Opera addons page. Thanks for your highly useful help
-
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@leocg Yes it has been removed. But I have some more to report, can I do it here ?
-
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@leocg Ok I see
What to do now ? -
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@leocg No I did not !
I do not remember the exact title of the report, but it is related to extensions that can be exploited by web pages via message passing to get access to privileged extensions API.
So maybe
"Exploiting extensions capabilities via message passing"OR
"Extensions that let scripts in webpages post messages to the extensions in order to bypass SOP, execute arbitrary code in the context of the extension, trigger downloads, read and write extensions storage"
OR
"Via message passing, extensions let web applications get access to sensitive privileged capabilities"
-
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@leocg No I did not.
I checked my mails -
Opera for computersRE: Via message passing, extensions let web applications get access to sensitive pr
@leocg Via the bug report wizard - https://bugs.opera.com/wizard/
I would have saved the bug number, but unfortunately, I did not