Home > Security News > Upgrading Opera browser prevents two serious vulnerabilities
Security News:
EMAIL THIS

Upgrading Opera browser prevents two serious vulnerabilities

By Edmund X. DeJesus, Information Security magazine Contributor
14 Nov 2003 | Information Security magazine

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Users of the Opera browser should upgrade to avoid two serious security vulnerabilities. These vulnerabilities allow remote attackers to view files or to place and execute files on a user's computer.

According to S.G. Masood, the researcher who discovered both vulnerabilities, a remote attacker can create HTML that uses the "opera:" internal protocol to read the directory and any file on a user's computer. A remote attacker could also execute arbitrary code on a user's computer.

The other vulnerability involves the processing of certain MIME types (namely, browser skin and browser configuration MIME types) that are specific to Opera. Masood warns that a remote attacker can create HTML that, when loaded by the user, writes arbitrary files to a user's computer. These files could include arbitrary code that could be executed using the first vulnerability. An attacker could also execute scripts with higher privileges.

Opera versions 7.21 and earlier are vulnerable. Users should upgrade to version 7.22.



Tags: Web Browser SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Web Browser Security
Microsoft fixes security update that breaks Internet Explorer
Mozilla update repairs Firefox buffer overflow vulnerabilities
Kaspersky system analyzes malicious URLs on Twitter for malware
Silon malware intercepts Internet Explorer sessions, steals credentials
Do Facebook URL security concerns justify blocking social networks?
Phishing attacks to remain a major problem, say security experts
Adrian Perrig: Improve SSL/TLS Security Through Education and Technology
New Bahama botnet evades search engines, fuels click fraud
SANS: Application threats, website flaws pose biggest security threats
Mozilla helps Adobe push out faster patches
Web Browser Security Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
browser hijacker  (SearchSecurity.com)
cache cramming  (SearchSecurity.com)
cache poisoning  (SearchSecurity.com)
honey monkey  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
NCSA  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts