Home > Security News > GreyMagic sings about Opera flaw
Security News:
EMAIL THIS LICENSING & REPRINTS

GreyMagic sings about Opera flaw

By Shawna McAlearney, News Writer
05 Aug 2004 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Users of Opera 7.53 and prior need to upgrade to fix a "severe" security vulnerability in the Web browser that could allow read-access to victim's files and folders, cookie theft and URL spoofing (phishing). The flaw could also be used to track a user's browsing history and affects Opera running on Windows, Linux and Macintosh systems.

"This vulnerability in Opera is extremely severe, especially since it's a variation of a vulnerability we have reported over a year and a half ago," said Lee Dagon, head of research and development at Israel-based GreyMagic Software, which discovered the flaw. "Unfortunately, it wasn't fully patched and we can only hope that this time the patch will perform better and surround all potentially vulnerable objects."

In an e-mail interview, Dagon said it was "shockingly easy" to explore and steal information from users' hard drives with this vulnerability.

"The vulnerability is a new variant of an older vulnerability GreyMagic detected in February last year. This time the 'location' object isn't sufficiently protected from malicious attacks," Dagon said.

The February advisory described several flaws in Opera's model, one of which allowed an attacker to overwrite native and custom functions in a window. When the Web page executed the function, the attacker's code executed with the victim's privileges.

Opera version 7.01 tried to fix the problem by blocking write-access to objects on the victim window, but failed to block write-access to the often-used "location" object, Dagon said. "By overwriting methods in this object, an attacker can gain immediate script access to any Web page that uses one of these methods. This includes both Web pages in foreign domains and the victim's local file system."

GreyMagic informed Opera of the vulnerability on July 22. Opera version 7.54 was released on Aug. 5 to address the flaw.

Opera is the third most popular browser after Internet Explorer and Mozilla/Firefox. According to the Opera Web site, there are more than 7 million Opera users.

The full GreyMagic advisory is available here.

Tags: Opera SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   




More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts