SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera 7 Undisclosed Vulnerabilities Let Remote Users View Files on the System and Execute Scripting Code in the Context of Other Domains
SecurityTracker Alert ID:  1005634
SecurityTracker URL:  http://securitytracker.com/id/1005634
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 14 2002
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network

Version(s): 7
Description:   An undisclosed vulnerability was reported in version 7 of the Opera web browser. A remote user can read files on the target user's computer and can execute scripting code in any security domain.

Grey Magic Security reported discovering two major security vulnerabilities, but did not disclose details of those vulnerabilities. According to the report, the vulnerabilities allow a remote user to read any file or directory on the target user's system. A remote user can also cause arbitrary scripting code to be executed in any security domain.

Another user (Thor Larholm) reports that the bug(s) also allow a remote user to monitor which pages a target user visits.

Impact:   A remote user can view directories and files on the target user's system. A remote user can execute arbitrary scripting code in an arbitrary security domain.
Solution:   No solution was available at the time of this entry. The author of the report recommends that users do not upgrade to Opera 7 and that users of Opera 7 should disable scripting.
Vendor URL:  www.opera.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  BeOS, Linux (Any), Apple (Legacy "classic" Mac), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Opera 7 vulnerabilities


We've done some basic security tests, in cooperation with Tom Gilder, on the
new Opera 7 beta release and found two major security vulnerabilities. These
vulnerabilities are quite obvious and likely to be discovered by malicious
users.

Combined, they allow full read access to a victim's file system (including
both directories and files) and scripting access to any domain.

Full details will be released once Opera resolves these issues. In the
meanwhile, users are encouraged not to upgrade to Opera 7 or disable
scripting.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC