Secunia Research has discovered a vulnerability in Opera,
which can be exploited by malicious people to conduct
cross-site scripting attacks and retrieve a user's
files.
The vulnerability is caused due to Opera allowing a user
to drag e.g. an image, which is actually a "javascript:"
URI, resulting in cross-site scripting if dropped over
another site. This may also be used to populate a file
upload form, resulting in uploading of arbitrary files to
a malicious web site.
Successful exploitation requires that the user is tricked
into dragging and dropping e.g. an image or a link.