Critical Flaws Spoil Opera Tune
Page 1 of 1
Alternative Web browser firm Opera Software has issued a fix for its flagship Opera browser after a security research firm reported a potentially dangerous security bug.
Opera rolled out a new version (7.54) and confirmed that users of previous versions were at risk of computer hijack.
GreyMagic, the research outfit that discovered the vulnerabilities, said a successful attack would allow read-access to files on the victim's file system and read access to lists of files and folders on the victim's computer.
Malicious hackers could also gain access to read incoming and outgoing e-mails on Opera's M2 mail program, which is built into the browser.
The flaws could also result in cookie theft, URL-spoofing for phishing
"The vulnerability is a new variant of an older vulnerability GreyMagic detected in February last year. This time the "location" object isn't sufficiently protected from malicious attacks," the company warned.
GreyMagic also released a proof-of-concept demonstration that presents the user's files and directories in an Explorer-like manner, allowing the user to browse his/her own file system using the vulnerability.
"This comes to show that the entire file-system information could have been silently downloaded to a malicious server without any user interaction," the company said.
Opera competes with Microsoft's
and the Mozilla Foundation's Firefox in the Web browser market.