A fright at the Opera
It ain't over 'til the fat lady pings
Veteran bug hunter Georgi Guninski has discovered that versions of the Web browser on both Windows and Linux allow the execution of script code across domains.
This means it's possible for a hacker to set up malicious script code on a Web page which, when executed by Opera, allows access to the cookie-based authentication credentials of another Web site, Guninski warns. Cookies can contain sensitive information, such as usernames/passwords.
The vulnerabilities (which are believed to affect Opera 5.02, 5.10, 5.11 and 5.12 for Windows as well as Opera 5.0 for Linux) may also expose a browser's cache and history files.
Jon Von Tetzchnor, chief executive of Opera, told us that testing and development for a patch to fix the problem is underway, and a solution should be available by the end of the month. He also points out that Internet Explorer and Netscape browsers have been affected by similar cross-site scripting flaws in the past.
Opera tolerating MSN.co.uk goes live
Opera to challenge e-envoy over UK govt 'Windows tax'
Opera to be default browser in Symbian ref designs
Opera 5.0 for Linux to ship next week
Opera browser goes free with version 5.0 launch
Guninski finds new ActiveX security hole in OXP
MS gets hacked off with bug hunter