[<prev] [next>] [day] [month] [year] [list]
Message-ID: <053001c28c20$689061d0$858370d4@thor2k>
From: thor at pivx.com (Thor Larholm)
Subject: Fw: Opera 7 vulnerabilities
----- Original Message -----
From: "Thor Larholm" <thor@...x.com>
To: <security@...ymagic.com>; <bugtraq@...urityfocus.com>
Sent: Thursday, November 14, 2002 9:53 PM
Subject: RE: Opera 7 vulnerabilities
> Monitoring which pages a user visits is also possible, and in general
there
> seems to be some oversights in this otherwise smooth rewrite.
>
> Add to that some of the more odd bugs functionalitywise, and I would say
> there is room for a beta 2 ;)
>
>
> Regards
> Thor Larholm, Security Researcher
> PivX Solutions, LLC
>
> Strike Now, StrikeFirst!
> http://www.pivx.com/sf.html
>
> -----Original Message-----
> From: GreyMagic Software [mailto:security@...ymagic.com]
> Sent: 14. november 2002 17:43
> To: Bugtraq
> Subject: Opera 7 vulnerabilities
>
>
> We've done some basic security tests, in cooperation with Tom Gilder, on
the
> new Opera 7 beta release and found two major security vulnerabilities.
These
> vulnerabilities are quite obvious and likely to be discovered by malicious
> users.
>
> Combined, they allow full read access to a victim's file system (including
> both directories and files) and scripting access to any domain.
>
> Full details will be released once Opera resolves these issues. In the
> meanwhile, users are encouraged not to upgrade to Opera 7 or disable
> scripting.
>
Powered by blists - more mailing lists