Marc Schoenefeld has reported a weakness in Opera, which can be exploited by malicious people to disclose some system information. Opera accesses the JRE (Java Runtime Environment) directly instead of using the Java plugin. The problem is that the "accessClassInPackage" permission is improperly given to the "sun.*" packages, which can be exploited by a malicious untrusted applet to gain knowledge of the full path to the currently logged in user's username and installation directory.
Solution:
- The weakness has been fixed in the beta version of 7.60 and will be included in the upcoming 7.60 version.
News source: Secunia
-1 Comments - Add comment