Phantom of the Opera
Five vulns, three serious in Opera 7
Opera is racing to fix five vulnerabilities, three of which are said to be serious, involving the latest version of its popular Web browsing software.
The three most severe vulnerabilities (here, here and here) might allow full read access to the user's file system, including the ability to list contents of directories, read files, access emails and more, GreyMagic says.
Previous versions of Opera are not subject to these flaws nor to two less severe vulnerabilities (here and here). These disclose previous sites visited by an Opera user to other sites he or she visits.
Opera has a good security record. Vulnerabilities in its software are rare, though not unprecendented. It is taking the security issues highlighted by Grey Magic seriously.
"Our engineers and QA department have worked hard over the weekend to plug all holes. A new version is in the pipeline for release tonight or tomorrow morning," a representative of Opera told us.
Opera criticises GreyMagic for releasing its advisories too early.
"Unfortunately our request to GreyMagic to delay releasing the report until Thursday was denied, making it impossible for us to come out with a new version of release quality quickly enough to avoid our users from being worried."
According to Opera, GreyMagic only notified it of problems with Opera 7 on Friday afternoon (January 31).
GreyMagic confirms this and says it released its advisories to try to alert people that it might be wise to hold off on downloading Opera 7 until the bugs have been fixed.
Alternatively those who're already using Opera 7 can be made aware of possible risks and workarounds through its advisory, GreyMagic argues. ®