
Publicly-disclosed UXSS flaw was exploited against Opera users for over 2 years - Sephr
https://eligrey.com/blog/opera-uxss-vulnerability-regression/
======
brokenmachine
Can someone ELI5 what the flaw was and what is possible using this flaw?

~~~
Sephr
Any referred domain had full access to the referring domain (even across
multiple redirects).

This means badsite.example can have access to your Google account just from
clicking on a Google search result. I made an exploit that worked on Twitter
and Reddit to retweet/upvote/etc.

------
crtasm
During the period 2010-2012.

~~~
Sephr
Correct. I wanted to include that, but I couldn't fit it in the 80-character
title limit.

