Opera "sun.*" System Information Disclosure Weakness

Marc Schoenefeld has reported a weakness in Opera, which can be exploited by malicious people to disclose some system information. Opera accesses the JRE (Java Runtime Environment) directly instead of using the Java plugin. The problem is that the "accessClassInPackage" permission is improperly given to the "sun.*" packages, which can be exploited by a malicious untrusted applet to gain knowledge of the full path to the currently logged in user's username and installation directory.

Solution:

  • The weakness has been fixed in the beta version of 7.60 and will be included in the upcoming 7.60 version.
News source: Secunia

Previous Story
New Radeons on the way?
Next Story
What Will Microsoft Do With a New GNU GPL?