Critical Flaws Spoil Opera Tune

Alternative Web browser firm Opera Software has issued a fix for its
flagship Opera browser after a security research firm reported a potentially
dangerous security bug.

Opera rolled out a new version (7.54)
and confirmed that users of previous versions were at risk of computer
hijack.

GreyMagic, the research outfit that discovered the vulnerabilities,
said a successful attack would allow read-access to
files on the victim’s file system and read access to lists of files and
folders on the victim’s computer.

Malicious hackers could also gain access to read incoming and outgoing
e-mails on Opera’s M2 mail program, which is built into the browser.

The flaws could also result in cookie theft, URL-spoofing for phishing
attacks and the spillage of a user’s browsing history.

“The vulnerability is a new variant of an older vulnerability GreyMagic
detected in February last year. This time the “location” object isn’t
sufficiently protected from malicious attacks,” the company warned.

GreyMagic also released a proof-of-concept demonstration that presents
the user’s files and directories in an Explorer-like manner, allowing the
user to browse his/her own file system using the vulnerability.

“This comes to show that the entire file-system information could have
been silently downloaded to a malicious server without any user
interaction,” the company said.

Opera competes with Microsoft’s Internet Explorer
and the Mozilla Foundation’s Firefox in the Web browser market.