Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.