| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: thor at pivx.com (Thor Larholm) Subject: Fw: Opera 7 vulnerabilities ----- Original Message ----- From: "Thor Larholm" <thor@...x.com> To: <security@...ymagic.com>; <bugtraq@...urityfocus.com> Sent: Thursday, November 14, 2002 9:53 PM Subject: RE: Opera 7 vulnerabilities > Monitoring which pages a user visits is also possible, and in general there > seems to be some oversights in this otherwise smooth rewrite. > > Add to that some of the more odd bugs functionalitywise, and I would say > there is room for a beta 2 ;) > > > Regards > Thor Larholm, Security Researcher > PivX Solutions, LLC > > Strike Now, StrikeFirst! > http://www.pivx.com/sf.html > > -----Original Message----- > From: GreyMagic Software [mailto:security@...ymagic.com] > Sent: 14. november 2002 17:43 > To: Bugtraq > Subject: Opera 7 vulnerabilities > > > We've done some basic security tests, in cooperation with Tom Gilder, on the > new Opera 7 beta release and found two major security vulnerabilities. These > vulnerabilities are quite obvious and likely to be discovered by malicious > users. > > Combined, they allow full read access to a victim's file system (including > both directories and files) and scripting access to any domain. > > Full details will be released once Opera resolves these issues. In the > meanwhile, users are encouraged not to upgrade to Opera 7 or disable > scripting. >
Powered by blists - more mailing lists