Feeds

Phantom of the Opera

Five vulns, three serious in Opera 7

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Opera is racing to fix five vulnerabilities, three of which are said to be serious, involving the latest version of its popular Web browsing software.

Israeli security outfit GreyMagic Software today published five security advisories, largely related to Opera 7's JavaScript Console feature.

The three most severe vulnerabilities (here, here and here) might allow full read access to the user's file system, including the ability to list contents of directories, read files, access emails and more, GreyMagic says.

Previous versions of Opera are not subject to these flaws nor to two less severe vulnerabilities (here and here). These disclose previous sites visited by an Opera user to other sites he or she visits.

Although patches are yet to be made available there are workarounds to address all five vulnerabilities. Four of the bugs can be quashed by disabling JavaScript, according to GreyMagic, while the fifth can be addressed by making manual changes to Opera 7's JavaScript console explained in an advisory here (look under 'solution').

Opera has a good security record. Vulnerabilities in its software are rare, though not unprecendented. It is taking the security issues highlighted by Grey Magic seriously.

"Our engineers and QA department have worked hard over the weekend to plug all holes. A new version is in the pipeline for release tonight or tomorrow morning," a representative of Opera told us.

Opera criticises GreyMagic for releasing its advisories too early.

"Unfortunately our request to GreyMagic to delay releasing the report until Thursday was denied, making it impossible for us to come out with a new version of release quality quickly enough to avoid our users from being worried."

According to Opera, GreyMagic only notified it of problems with Opera 7 on Friday afternoon (January 31).

GreyMagic confirms this and says it released its advisories to try to alert people that it might be wise to hold off on downloading Opera 7 until the bugs have been fixed.

Alternatively those who're already using Opera 7 can be made aware of possible risks and workarounds through its advisory, GreyMagic argues. ®

Related Stories

Opera releases version 7 of the 'other' browser
A fright at the Opera

External Links

List of GreyMagic's Opera advisories (which include proof of concept demonstrations)

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.