PT-2020-18971 · Opera · Opera
Published: 2020-12-23 · Updated: 2020-12-23
CVE-2020-6159
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Opera for Android versions below 61.0.3076.56532
Description
The issue arises when URLs using javascript: are pasted into the address bar. Normally, the protocol is removed to protect against cross-site scripting (XSS) attacks. However, in certain circumstances, this removal does not occur, potentially allowing users to be socially engineered into running an XSS attack against themselves.
Recommendations
For Opera for Android versions below 61.0.3076.56532, update to version 61.0.3076.56532 or later to resolve the issue. As a temporary workaround, consider avoiding the use of javascript: URLs in the address bar until the update is applied.
Fix
XSS
Affected Products
Opera