Opera 7 Undisclosed Vulnerabilities Let Remote Users View Files on the System and Execute Scripting Code in the Context of Other Domains
SecurityTracker Alert ID: 1005634
SecurityTracker URL: http://securitytracker.com/id/1005634
CVE Reference:
GENERIC-MAP-NOMATCH
Date: Nov 14 2002
Impact:
Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 7
Description:
An undisclosed vulnerability was reported in version 7 of the Opera web browser. A remote user can read files on the target user's computer and can execute scripting code in any security domain.
Grey Magic Security reported discovering two major security vulnerabilities, but did not disclose details of those vulnerabilities. According to the report, the vulnerabilities allow a remote user to read any file or directory on the target user's system. A remote user can also cause arbitrary scripting code to be executed in any security domain.
Another user (Thor Larholm) reports that the bug(s) also allow a remote user to monitor which pages a target user visits.
Impact:
A remote user can view directories and files on the target user's system. A remote user can execute arbitrary scripting code in an arbitrary security domain.
Solution:
No solution was available at the time of this entry. The author of the report recommends that users do not upgrade to Opera 7 and that users of Opera 7 should disable scripting.
Vendor URL: www.opera.com/
Cause:
Access control error
Underlying OS:
BeOS, Linux (Any), MacOS, UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)
Message History:
None.
Source Message Contents
Date: Thu, 14 Nov 2002 18:43:02 +0200
Subject: Opera 7 vulnerabilities
We've done some basic security tests, in cooperation with Tom Gilder, on the
new Opera 7 beta release and found two major security vulnerabilities. These
vulnerabilities are quite obvious and likely to be discovered by malicious
users.
Combined, they allow full read access to a victim's file system (including
both directories and files) and scripting access to any domain.
Full details will be released once Opera resolves these issues. In the
meanwhile, users are encouraged not to upgrade to Opera 7 or disable
scripting.