Security Flaws Found in New Opera Browser
Posted by Mr magoo on 04 February 2003 - 21:41 · 10 comments & 1164 views
About the Author
Full name: Unknown
Forum name:
Mr magoo
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
Mr magooContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(1 reply)
#1 Posted by dismuter on 04 Feb 2003 - 22:06
- That hits Opera quite hard.
Well it'll be fixed tonight that's good.-
#2 Posted by Quboid on 05 Feb 2003 - 00:01
-
This isn't good news. The good news is that the boy's at Opera release fixes fast - there should be a patch out within 2 days.
EDIT: Saw this at the offical forums:
[quote]"Our engineers and QA department have worked hard over the weekend to plug all holes. A new version is in the pipeline for release tonight or tomorrow morning," a representative of Opera told us.
Opera criticises GreyMagic for releasing its advisories too early.
"Unfortunately our request to GreyMagic to delay releasing the report until Thursday was denied, making it impossible for us to come out with a new version of release quality quickly enough to avoid our users from being worried."
According to Opera, GreyMagic only notified it of problems with Opera 7 on Friday afternoon (January 31).
GreyMagic confirms this and says it released its advisories to try to alert people that it might be wise to hold off on downloading Opera 7 until the bugs have been fixed. [/quote]
That's Opera for you!
Last edited by 748 on 05 Feb 2003 - 00:14
-
#3 Posted by realmccoy on 05 Feb 2003 - 02:23
- Opera Update already out (7.01), these guy's are fast Checkout : http://slashdot.org/
-
#4 Posted by Quboid on 05 Feb 2003 - 02:25
- [b]Fixed![/b] Opera 7.01 fixes these problems. O7.01 (with java) 12.9MB: ftp://ftp.opera.com/pub/opera/win/701/en/java/ow32enen701j.exe O7.01 (w/out java) 3.3MB: ftp://ftp.opera.com/pub/opera/win/701/en/std/ow32enen701.exe That's Opera for you!
-
#5 Posted by TC17 on 05 Feb 2003 - 02:41
- Well considering Opera costs a ridiculous $39 (just for this version number), they better be fixing it overnight.
-
(2 replies)
#6 Posted by X-Spyder on 05 Feb 2003 - 05:23
- 7.0 is a beta so it is free, for now, and there are no ads. Really a great attempt at making a browser.
-
#6.1 Posted by BigMac44 on 05 Feb 2003 - 06:51
- Opera 7.0 has been out of beta for several days now. You need to get your facts straight before you post. Just a pet peeve of mine. I'm off to get 7.01 now.
-
#7 Posted by FraZor on 05 Feb 2003 - 09:59
- The 'free' version is ad-free for about 2 weeks I think. Then it turns the ads back on. $39 really isn't that much for a fast and very full featured browser AND mail client. Especially considering this price includes updates and support, the latter of which you don't get with any other browser. I personally don't mind paying for good software, and this IS good software. Don't forget that Opera 7 doesn't need an additional popup blocker either, so thats a reduced cost for a start. I know there are 'free' popup stoppers, but lets face it, they suck, the good ones cost $$$.
Three of the vulnerabilities allow an attacker to browse a victim's hard drive and read any file using a file browser complete with a folder tree and file viewer, GreyMagic said in a statement. The company said the flaws lie in the way Opera handles Javascript and image files and considers the vulnerabilities "critical." The two other flaws are "severe breaches of privacy" as they can disclose part of the user's browsing history to a malicious Web site operator, GreyMagic said.
Opera was informed by GreyMagic on Friday and plans to release a new version of its browser soon to address the issues, Live Leer, an Opera spokesperson said. "We have been working on the issues since Friday and we will release a new version either tonight or tomorrow. We want to rectify the issues as soon as possible," she said. The flaws are apparently easy to exploit.
Symantec found that, on average, companies experienced 30 attacks a week in the second half of 2002, compared with 32 in the first six months of the year, a 6 percent reduction. Symantec defined attacks as "individual signs of malicious activity."
In addition, the rate of severe events declined, with 21 percent of the companies that made up the sample suffering a severe event during the past six months, compared to 23 percent of companies in the six months before that and 43 percent of companies in the second half of 2001.
Severe events were defined by Symantec as "sequences of attack activity that have either caused a security breach on a company's network or present an immediate danger of a security breach if intervention is not taken."
While lower than the preceding six months, the average number of attacks per company in the final six months of 2002 was still 21 percent higher than for the same period in 2001.
Those numbers may get worse before they get better. Symantec documented more than 2,500 new vulnerabilities in 2002, an 81 percent increase from the number found in 2001. The number of moderate and high-severity vulnerabilities was almost 85 percent greater than in 2001.
While the increase in the number of software vulnerabilities may reflect increased media attention on the problem and the creation of more responsible disclosure policies in companies, new strategies for exploiting previously unrecognized weaknesses in software code may also be responsible.
The number and severity of the discovered vulnerabilities are fertile ground for new "blended threats" that leverage two or more different security flaws to execute an attack, Symantec said.