Article

Upgrading Opera browser prevents two serious vulnerabilities

Edmund X. DeJesus, Information Security magazine Contributor

Users of the Opera browser should upgrade to avoid two serious security vulnerabilities. These vulnerabilities allow remote attackers to view files or to place and execute files on a user's computer.

According to S.G. Masood, the researcher who discovered both vulnerabilities, a remote attacker can create HTML that uses the "opera:" internal protocol to read the directory and any file on a user's computer. A remote attacker could also execute arbitrary code on a user's computer.

The other vulnerability involves the processing of certain MIME types (namely, browser skin and browser configuration MIME types) that are specific to Opera. Masood warns that a remote attacker can create HTML that, when loaded by the user, writes arbitrary files to a user's computer. These files could include arbitrary code that could be executed using the first vulnerability. An attacker could also execute scripts with higher privileges.

Opera versions 7.21 and earlier are vulnerable. Users should upgrade to version 7.22.

    Requires Free Membership to View


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: