Users of the Opera browser should upgrade to avoid two serious security vulnerabilities. These vulnerabilities...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
allow remote attackers to view files or to place and execute files on a user's computer.
According to S.G. Masood, the researcher who discovered both vulnerabilities, a remote attacker can create HTML that uses the "opera:" internal protocol to read the directory and any file on a user's computer. A remote attacker could also execute arbitrary code on a user's computer.
The other vulnerability involves the processing of certain MIME types (namely, browser skin and browser configuration MIME types) that are specific to Opera. Masood warns that a remote attacker can create HTML that, when loaded by the user, writes arbitrary files to a user's computer. These files could include arbitrary code that could be executed using the first vulnerability. An attacker could also execute scripts with higher privileges.
Opera versions 7.21 and earlier are vulnerable. Users should upgrade to version 7.22.