Security upgrade for Opera

Forum Moderators: open

Message Too Old, No Replies

Security upgrade for Opera

RammsteinNicCage

5:35 pm on Dec 13, 2004 (gmt 0)

The upgrade (7.54u1) can be downloaded from here: [arc.opera.com...]

From [opera.com...]

Platform: All platforms
Opera security advisory
- Named frames or windows can be hi-jacked by malicious frames or windows.
- Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document.
- Applets have access to sun.* packages
- Liveconnect: com.opera.EcmascriptObject constructor is accessible to Java
- Liveconnect reveals the path to the user's home directory. This can make other vulnerabilities easier to exploit.
Severity: Moderate/high
Vulnerable versions of Opera
7.54 and earlier

Apparently the beta 7.60p4 they have out is also partially vulnerable to this.

Jennifer

tedster

6:51 pm on Dec 13, 2004 (gmt 0)

It sounds like a fix for the "all browsers" security problem reported last week:

[webmasterworld.com...]

If so, that would make Opera the first to fix, afaik.

bill

4:28 am on Dec 14, 2004 (gmt 0)

Thanks for the reminder Jennifer. I just wanted to bump this back up to the top for the Opera users out there.

Make sure that you download the 7.54u1 version, and that you check your version in opera:about to make sure you've got the latest version. Currently the Opera download page only has the Opera 7.54 Security Update listed in the right-hand column. The rest of the download sites have yet to be updated.

bumpaw

4:31 am on Dec 14, 2004 (gmt 0)

[arc.opera.com...] is not showing a download for me. Maybe it's a temporary thing.

tedster

4:34 am on Dec 14, 2004 (gmt 0)

The full link for the Windows download (without java) is:

[arc.opera.com...]

If you want the java, it's:

[arc.opera.com...]

Hester

9:25 am on Dec 14, 2004 (gmt 0)

I read that to cure Preview 4 would cause problems at this stage, so there'll probably be a Preview 5 later. That version is still being worked on quite a bit. (It's not advisable to use it for everyday work.)

Once again, the upgrade to 7.54 has proved how Opera and others like Firefox take security seriously, bringing a patch out almost instantly. It'll be weeks if not months before Microsoft get round to theirs, won't it? I know which browser I trust... it begins with O.