Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
Platform: All platforms
Opera security advisory
- Named frames or windows can be hi-jacked by malicious frames or windows.
- Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document.
- Applets have access to sun.* packages
- Liveconnect: com.opera.EcmascriptObject constructor is accessible to Java
- Liveconnect reveals the path to the user's home directory. This can make other vulnerabilities easier to exploit.
Vulnerable versions of Opera
7.54 and earlier
Apparently the beta 7.60p4 they have out is also partially vulnerable to this.
Make sure that you download the 7.54u1 version, and that you check your version in opera:about to make sure you've got the latest version. Currently the Opera download page only has the Opera 7.54 Security Update listed in the right-hand column. The rest of the download sites have yet to be updated.
Once again, the upgrade to 7.54 has proved how Opera and others like Firefox take security seriously, bringing a patch out almost instantly. It'll be weeks if not months before Microsoft get round to theirs, won't it? I know which browser I trust... it begins with O.