Welcome to WebmasterWorld Guest from 107.21.175.43

Forum Moderators: open

Message Too Old, No Replies

Security upgrade for Opera

     

RammsteinNicCage

5:35 pm on Dec 13, 2004 (gmt 0)

10+ Year Member



The upgrade (7.54u1) can be downloaded from here: [arc.opera.com...]

From [opera.com...]

Platform: All platforms

Opera security advisory
- Named frames or windows can be hi-jacked by malicious frames or windows.
- Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document.
- Applets have access to sun.* packages
- Liveconnect: com.opera.EcmascriptObject constructor is accessible to Java
- Liveconnect reveals the path to the user's home directory. This can make other vulnerabilities easier to exploit.

Severity: Moderate/high

Vulnerable versions of Opera
7.54 and earlier

Apparently the beta 7.60p4 they have out is also partially vulnerable to this.

Jennifer

tedster

6:51 pm on Dec 13, 2004 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



It sounds like a fix for the "all browsers" security problem reported last week:

[webmasterworld.com...]

If so, that would make Opera the first to fix, afaik.

bill

4:28 am on Dec 14, 2004 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Thanks for the reminder Jennifer. I just wanted to bump this back up to the top for the Opera users out there.

Make sure that you download the 7.54u1 version, and that you check your version in opera:about to make sure you've got the latest version. Currently the Opera download page only has the Opera 7.54 Security Update listed in the right-hand column. The rest of the download sites have yet to be updated.

bumpaw

4:31 am on Dec 14, 2004 (gmt 0)

10+ Year Member



[arc.opera.com...] is not showing a download for me. Maybe it's a temporary thing.

tedster

4:34 am on Dec 14, 2004 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The full link for the Windows download (without java) is:

[arc.opera.com...]

If you want the java, it's:

[arc.opera.com...]

Hester

9:25 am on Dec 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I read that to cure Preview 4 would cause problems at this stage, so there'll probably be a Preview 5 later. That version is still being worked on quite a bit. (It's not advisable to use it for everyday work.)

Once again, the upgrade to 7.54 has proved how Opera and others like Firefox take security seriously, bringing a patch out almost instantly. It'll be weeks if not months before Microsoft get round to theirs, won't it? I know which browser I trust... it begins with O.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month