From: The SANS Institute (CriticalVulnerabilityAnalysis_at_sans.org)
Date: Mon Feb 10 2003 - 13:42:01 CST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    (6) LOW: Opera Web Browser Multiple Vulnerabilities

    Affected Products:
    Opera Web browser Version 7

    Description:
    The Opera Web browser contains multiple vulnerabilities that allow a
    malicious web server to read arbitrary files on the client system,
    steal cookies set by other sites, and extract a user's browsing
    history.

    Risk: A malicious web server can harvest sensitive information from
    a client running Opera.

    Deployment: Moderate.
    The Opera browser is ranked third among browsers worldwide behind
    Internet Explorer and Netscape. The software was designed to be
    compact, making it a popular browser solution for embedded devices.
    Opera runs on Windows, OS/2, Linux, BeOS, BeIA, Symbian OS, and QNX.

    Ease of Exploitation: Straightforward.
    Example exploits have been posted for each vulnerability.

    Status: These vulnerabilities have not been confirmed by Opera
    Software. They have been corrected in Version 7.01, which is available
    for download from the Opera web site.

    References:
    Security Advisories posted by GreyMagic:
    http://security.greymagic.com/adv/gm002-op/
    http://security.greymagic.com/adv/gm003-op/
    http://security.greymagic.com/adv/gm004-op/
    http://security.greymagic.com/adv/gm005-op/
    http://security.greymagic.com/adv/gm006-op/

    Vendor Web Site:
    http://www.opera.com/

    Background Information about Opera:
    http://www.wave-report.com/tutorials/opera.htm

    Council Site Actions:
    The majority of the council sites reported the affected software was
    not in production or widespread use, hence no action was necessary.
    One site did have a small deployment, but none of the users had
    installed the affected version.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+R/qf+LUG5KFpTkYRAl8qAKCTozsS5m7mXZd3m7gvE45/Sn+0LACfZZFb
    8sVegKj82oi6yaoffEZXjiY=
    =D9+R
    -----END PGP SIGNATURE-----