The Web    Google
Critical Flaws Spoil Opera Tune

Critical Flaws Spoil Opera Tune
August 5, 2004
Ryan NaraineBy

Alternative Web browser firm Opera Software has issued a fix for its flagship Opera browser after a security research firm reported a potentially dangerous security bug.

Opera rolled out a new version (7.54) and confirmed that users of previous versions were at risk of computer hijack.

GreyMagic, the research outfit that discovered the vulnerabilities, said a successful attack would allow read-access to files on the victim's file system and read access to lists of files and folders on the victim's computer.

Malicious hackers could also gain access to read incoming and outgoing e-mails on Opera's M2 mail program, which is built into the browser.

The flaws also could result in cookie theft, URL-spoofing for phishing attacks and the spillage of a user's browsing history.

''The vulnerability is a new variant of an older vulnerability GreyMagic detected in February last year. This time the 'location' object isn't sufficiently protected from malicious attacks,'' the company warned.

GreyMagic also released a proof-of-concept demonstration that presents the user's files and directories in an Explorer-like manner, allowing the user to browse his/her own file system using the vulnerability.

''This comes to show that the entire file-system information could have been silently downloaded to a malicious server without any user interaction,'' the company said.

Opera competes with Microsoft's Internet Explorer and the Mozilla Foundation's Firefox in the Web browser market.

This article was first published on

  • 6/28: Rbot-CA Allows Remote Access
  • MFPs ?An Overlooked Security Risk
  • 4/5: Mytob-Y Worm Copies Itself to Email
  • Can Market Forces Secure the Internet?
  • Soft on the Inside
  • The Backup Conundrum: More Data in Less Time, Part 2
  • Time to Trade in Geek Speak for Business Lingo
  • Teen Held For Allegedly Swiping Code
  • Startup Unveils Web Server Assessment, Defense Toolkit
  • 1/27: Worm_Bropia-D Drops Other Malware
  • 2/28: Rbot-UC a Worm and Trojan
  • Security Camera Industry Information