Monitoring which pages a user visits is also possible, and in general there seems to be some oversights in this otherwise smooth rewrite. Add to that some of the more odd bugs functionalitywise, and I would say there is room for a beta 2 ;) Regards Thor Larholm, Security Researcher PivX Solutions, LLC Strike Now, StrikeFirst! http://www.pivx.com/sf.html -----Original Message----- From: GreyMagic Software [mailto:securityat_private] Sent: 14. november 2002 17:43 To: Bugtraq Subject: Opera 7 vulnerabilities We've done some basic security tests, in cooperation with Tom Gilder, on the new Opera 7 beta release and found two major security vulnerabilities. These vulnerabilities are quite obvious and likely to be discovered by malicious users. Combined, they allow full read access to a victim's file system (including both directories and files) and scripting access to any domain. Full details will be released once Opera resolves these issues. In the meanwhile, users are encouraged not to upgrade to Opera 7 or disable scripting.
This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 10:19:52 PST