The Web    Google
Critical Flaws Spoil Opera Tune

Critical Flaws Spoil Opera Tune
August 5, 2004
Ryan NaraineBy

Alternative Web browser firm Opera Software has issued a fix for its flagship Opera browser after a security research firm reported a potentially dangerous security bug.

Opera rolled out a new version (7.54) and confirmed that users of previous versions were at risk of computer hijack.

GreyMagic, the research outfit that discovered the vulnerabilities, said a successful attack would allow read-access to files on the victim's file system and read access to lists of files and folders on the victim's computer.

Malicious hackers could also gain access to read incoming and outgoing e-mails on Opera's M2 mail program, which is built into the browser.

The flaws also could result in cookie theft, URL-spoofing for phishing attacks and the spillage of a user's browsing history.

''The vulnerability is a new variant of an older vulnerability GreyMagic detected in February last year. This time the 'location' object isn't sufficiently protected from malicious attacks,'' the company warned.

GreyMagic also released a proof-of-concept demonstration that presents the user's files and directories in an Explorer-like manner, allowing the user to browse his/her own file system using the vulnerability.

''This comes to show that the entire file-system information could have been silently downloaded to a malicious server without any user interaction,'' the company said.

Opera competes with Microsoft's Internet Explorer and the Mozilla Foundation's Firefox in the Web browser market.

This article was first published on

  • 5/17: Mytob-CH a Mass-Mailing Worm
  • Application Insecurity --- Who is at Fault?
  • Author of Zafi-B Worm Trailed to Hungary
  • Neoteris Extends Gateway Access
  • IM Security Under The Gun
  • E-mail security and your legal liability
  • NIKSUN offers a security camera for your network
  • Neoteris Extends Gateway Access
  • 5/20: Mytob-EU Worm Drops Copy
  • 4/5: Mytob-W Worm Takes Remote Orders
  • 4/18: Mytob-BR Worm Mails Itself Out
  • Security Camera Price