News Stay informed about the latest enterprise technology news and product updates.

Upgrading Opera browser prevents two serious vulnerabilities

Two security holes have been found in the Opera browser that could lead to remote code execution. Upgrades are urged.

Users of the Opera browser should upgrade to avoid two serious security vulnerabilities. These vulnerabilities...

allow remote attackers to view files or to place and execute files on a user's computer.

According to S.G. Masood, the researcher who discovered both vulnerabilities, a remote attacker can create HTML that uses the "opera:" internal protocol to read the directory and any file on a user's computer. A remote attacker could also execute arbitrary code on a user's computer.

The other vulnerability involves the processing of certain MIME types (namely, browser skin and browser configuration MIME types) that are specific to Opera. Masood warns that a remote attacker can create HTML that, when loaded by the user, writes arbitrary files to a user's computer. These files could include arbitrary code that could be executed using the first vulnerability. An attacker could also execute scripts with higher privileges.

Opera versions 7.21 and earlier are vulnerable. Users should upgrade to version 7.22.

Dig Deeper on Web browser security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.