main
Report a problem

Opera "sun.*" System Information Disclosure Weakness

malebolgia   on 23 November 2004 - 02:03 · 12 comments & 2446 views

Advertisement (Why?)
Marc Schoenefeld has reported a weakness in Opera, which can be exploited by malicious people to disclose some system information. Opera accesses the JRE (Java Runtime Environment) directly instead of using the Java plugin. The problem is that the "accessClassInPackage" permission is improperly given to the "sun.*" packages, which can be exploited by a malicious untrusted applet to gain knowledge of the full path to the currently logged in user's username and installation directory.

Solution:
  • The weakness has been fixed in the beta version of 7.60 and will be included in the upcoming 7.60 version.
News source: Secunia

Post a comment · Send to friend Comments · There are 12 additional comments

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)