Private video streams can be intercepted

Type opera
Reporter Opera
Modified 2010-10-06T00:00:00


Video content may be used as filler content for an HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the content of the canvas can be safely read out by scripts. In some cases, Opera does not check the video's origin correctly, and may allow videos from unrelated sites to be used as canvas content, without protecting the content from scripts.

Provided that an attacker knows the address of a private video stream that the user has access to, and they can convince the user to open a malicious page, they can extract and read the frames of that video via the canvas, and send them to their chosen destination.
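The check described above, sketched as a small model of the HTML5 canvas "origin-clean" flag. This is an added example, not Opera's code: `ModelCanvas`, `drawVideo`, `readPixels`, `canRead` and the `.example` URLs are hypothetical, and CORS-approved media is left out of the model.

```javascript
// Added illustration: a model of the canvas origin-clean flag, not browser code.
// All class names, method names and URLs here are hypothetical.
class SecurityError extends Error {
  constructor(message) {
    super(message);
    this.name = "SecurityError";
  }
}

// Same origin means scheme, host and port all match. URL.origin normalizes
// default ports, so https://site.example:443 equals https://site.example.
function sameOrigin(a, b) {
  const oa = new URL(a).origin;
  const ob = new URL(b).origin;
  // Opaque origins serialize to "null"; this model never lets them match.
  return oa !== "null" && oa === ob;
}

class ModelCanvas {
  constructor(documentUrl) {
    this.documentUrl = documentUrl;
    this.originClean = true; // a fresh canvas is readable by scripts
    this.frames = [];
  }

  // Every draw must run the origin check. Skipping it on any code path
  // leaves cross-origin frames readable, which is the failure described above.
  drawVideo(video) {
    if (!sameOrigin(this.documentUrl, video.src)) {
      this.originClean = false; // sticky: later same-origin draws do not reset it
    }
    this.frames.push(video.frame);
  }

  // Read-back (getImageData / toDataURL in a browser) is gated on the flag.
  readPixels() {
    if (!this.originClean) {
      throw new SecurityError("canvas has been tainted by cross-origin data");
    }
    return this.frames.slice();
  }
}

// True when scripts on the page may read the canvas back.
function canRead(canvas) {
  try { canvas.readPixels(); return true; }
  catch (e) { if (e instanceof SecurityError) return false; throw e; }
}
```

A regression test for a browser fix exercises the same cases: same-origin video stays readable, while any cross-origin video makes read-back throw from that point on.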