Users of the Opera browser should upgrade to avoid two serious security vulnerabilities. These vulnerabilities...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
allow remote attackers to view files or to place and execute files on a user's computer.
According to S.G. Masood, the researcher who discovered both vulnerabilities, a remote attacker can create HTML that uses the "opera:" internal protocol to read the directory and any file on a user's computer. A remote attacker could also execute arbitrary code on a user's computer.
The other vulnerability involves the processing of certain MIME types (namely, browser skin and browser configuration MIME types) that are specific to Opera. Masood warns that a remote attacker can create HTML that, when loaded by the user, writes arbitrary files to a user's computer. These files could include arbitrary code that could be executed using the first vulnerability. An attacker could also execute scripts with higher privileges.
Opera versions 7.21 and earlier are vulnerable. Users should upgrade to version 7.22.