Only hours after Norwegian Web browser company Opera announced version 7.5 was out of beta, a vulnerability affecting earlier iterations was published.
The flaw is a telnet
Specifically, the vulnerability seizes on Opera’s inability to check for the “-” when entering a hostname at the telnet prompt. So, if a user typed “-f,” everything after would be used to create or overwrite a file in the Opera directory, possibly disabling the application. In Windows, the exploit overwrites files in the Opera directory; in Linux, it’s possible to overwrite files in the user’s home directory.
iDEFENSE experts say the vulnerability affects Opera 7.23 and likely all older versions, though it has only tested some of the versions and platforms Opera runs.
While a workaround — by going into the “Protocols” section within “Preferences” and deleting “telnet” — is relatively easy, it might be even easier to download Opera 7.5, which is now available for free download. Opera officials say the vulnerability is fixed in the latest version, which spent all of 20 days in beta testing.
The beta, released April 22, marked the first time Opera developers released a working version on all the desktop platforms it supports — Windows, Linux, Mac, FreeBSD and Solaris. The official release of Opera 7.5 includes the same versions.
At 3.5 MB, officials have packed new features into the new version: IRC-compatible chat
John von Tetzchner, Opera CEO, called out the 90s-era technology used in the world’s most popular Web browser, Microsoft’s Internet Explorer (IE), and said Internet functions handled by Opera are still be used as standalone software applications.
“[IE] is an aged application that Microsoft has not given a major update in years, and according to press reports they are not planning to upgrade it in the near future,” he said in a statement. “At the same time, most people’s e-mail applications still function like it’s 1994.”
Opera users can go here for more information on the vulnerability and here to download the latest version
of Opera.