Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Opera posts a fix for the new injection vulnerabilities affecting most browsers

Opera SoftwareSecurity Advisory 2004-12-10

Platform: All platforms

Opera security advisory

  • Named frames or windows can be hi-jacked by malicious frames or windows.
  • Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document.
  • Applets have access to sun.* packages
  • Liveconnect: com.opera.EcmascriptObject constructor is accessible to Java
  • Liveconnect reveals the path to the user's home directory. This can make other vulnerabilities easier to exploit.

Severity: Moderate/high

Vulnerable versions of Opera

  • 7.54 and earlier

Opera's response

Security update 7.54u1. 7.54u1 has several security fixes. (Note: Please use the download link on the right hand side of the page.)

  • Tightened origin check for frames. A side effect of this is that documents not passing the origin check will open in a new page.
  • Fixed issue reported by Marc Schönefeld: intrusive JavaScript or Java applet could exploit Sun Java vulnerability to retrieve logged-in user's username and install directory.
  • Fixed LiveConnect class access security issue reported by Jouko Pynnonen.
  • Fixed Secunia issue SA12981, reported by Andreas Sandblad: periods in the file name and non-breaking spaces in content-type header type could obscure the file type.
  • Fixed Secunia issue SA13253: "hi-jacking" a named browser window.
  • Improved support for the "must-revalidate" cache directive.