Feeds

Phantom of the Opera

Five vulns, three serious in Opera 7

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Opera is racing to fix five vulnerabilities, three of which are said to be serious, involving the latest version of its popular Web browsing software.

Israeli security outfit GreyMagic Software today published five security advisories, largely related to Opera 7's JavaScript Console feature.

The three most severe vulnerabilities (here, here and here) might allow full read access to the user's file system, including the ability to list contents of directories, read files, access emails and more, GreyMagic says.

Previous versions of Opera are not subject to these flaws nor to two less severe vulnerabilities (here and here). These disclose previous sites visited by an Opera user to other sites he or she visits.

Although patches are yet to be made available there are workarounds to address all five vulnerabilities. Four of the bugs can be quashed by disabling JavaScript, according to GreyMagic, while the fifth can be addressed by making manual changes to Opera 7's JavaScript console explained in an advisory here (look under 'solution').

Opera has a good security record. Vulnerabilities in its software are rare, though not unprecendented. It is taking the security issues highlighted by Grey Magic seriously.

"Our engineers and QA department have worked hard over the weekend to plug all holes. A new version is in the pipeline for release tonight or tomorrow morning," a representative of Opera told us.

Opera criticises GreyMagic for releasing its advisories too early.

"Unfortunately our request to GreyMagic to delay releasing the report until Thursday was denied, making it impossible for us to come out with a new version of release quality quickly enough to avoid our users from being worried."

According to Opera, GreyMagic only notified it of problems with Opera 7 on Friday afternoon (January 31).

GreyMagic confirms this and says it released its advisories to try to alert people that it might be wise to hold off on downloading Opera 7 until the bugs have been fixed.

Alternatively those who're already using Opera 7 can be made aware of possible risks and workarounds through its advisory, GreyMagic argues. ®

Related Stories

Opera releases version 7 of the 'other' browser
A fright at the Opera

External Links

List of GreyMagic's Opera advisories (which include proof of concept demonstrations)

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.