Users of Opera 7.53 and prior need to upgrade to fix a "severe" security vulnerability in the Web browser that could allow read-access to a victim's files and folders, cookie theft and URL spoofing (phishing). The flaw could also be used to track a user's browsing history and affects Opera running on Windows, Linux and Macintosh systems.
"This vulnerability in Opera is extremely severe, especially since it's a variation of a vulnerability we have reported over a year and a half ago," said Lee Dagon, head of research and development at Israel-based GreyMagic Software, which discovered the flaw. "Unfortunately, it wasn't fully patched and we can only hope that this time the patch will perform better and surround all potentially vulnerable objects."
In an e-mail interview, Dagon said it was "shockingly easy" to explore and steal information from users' hard drives with this vulnerability.
"The vulnerability is a new variant of an older vulnerability GreyMagic detected in February last year. This time the 'location' object isn't sufficiently protected from malicious attacks," Dagon said.
The February advisory described several flaws in Opera's model, one of which allowed an attacker to overwrite native and custom functions in a window. When the Web page executed the function, the attacker's code executed with the victim's privileges.
Opera version 7.01 tried to fix the problem by blocking write-access to objects on the victim window, but failed to block write-access to the often-used "location" object, Dagon said. "By overwriting methods in this object, an attacker can gain immediate script access to any Web page that uses one of these methods. This includes both Web pages in foreign domains and the victim's local file system."
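A simplified model of the incomplete fix described above, as an added example that is not code from the article, GreyMagic or Opera: a cross-origin write guard that lists protected objects but omits `location`, next to a default-deny policy. The window shape, origins and all function names are constructed for illustration.

```javascript
// Constructed model of a page's window; none of this is Opera code.
function makeVictimWindow() {
  return {
    origin: "https://victim.example",
    document: { write(s) { return "doc:" + s; } },
    location: { assign(url) { return "navigate:" + url; } },
  };
}

// Return the view of `win` that a script from `callerOrigin` receives.
// `mayWrite(path, sameOrigin)` is the write policy being compared.
function guardedView(win, callerOrigin, mayWrite) {
  const sameOrigin = callerOrigin === win.origin;
  const wrap = (obj, path) => new Proxy(obj, {
    get(target, key) {
      const value = target[key];
      return value && typeof value === "object"
        ? wrap(value, path.concat(String(key)))
        : value;
    },
    set(target, key, value) {
      if (!mayWrite(path.concat(String(key)), sameOrigin)) return false;
      target[key] = value;
      return true;
    },
  });
  return wrap(win, []);
}

// Incomplete fix: writes are refused on the window and on listed objects,
// but "location" is missing from the list.
const LISTED = new Set(["document"]);
const partialPolicy = (path, sameOrigin) =>
  sameOrigin || (path.length > 1 && !LISTED.has(path[0]));

// Default deny: a foreign origin may not redefine anything
// (navigation is not modelled here).
const completePolicy = (path, sameOrigin) => sameOrigin;

// True if a caller from `callerOrigin` managed to replace win[obj][method].
function overwriteSucceeds(policy, callerOrigin, obj, method) {
  const win = makeVictimWindow();
  const original = win[obj][method];
  const view = guardedView(win, callerOrigin, policy);
  Reflect.set(view[obj], method, function replaced() {});
  return win[obj][method] !== original;
}
```

The list-based policy holds for every object someone remembered to list and fails for the one that was left out, which is why the default-deny form is the safer shape for this kind of check.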
GreyMagic informed Opera of the vulnerability on July 22. Opera version 7.54 was released on Aug. 5 to address the flaw.
Opera is the third most popular browser after Internet Explorer and Mozilla/Firefox. According to the Opera Web site, there are more than 7 million Opera users.