----- Original Message ----- From: "Thor Larholm" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, November 14, 2002 9:53 PM Subject: RE: Opera 7 vulnerabilities
> Monitoring which pages a user visits is also possible, and in general there > seems to be some oversights in this otherwise smooth rewrite. > > Add to that some of the more odd bugs functionalitywise, and I would say > there is room for a beta 2 ;) > > > Regards > Thor Larholm, Security Researcher > PivX Solutions, LLC > > Strike Now, StrikeFirst! > http://www.pivx.com/sf.html > > -----Original Message----- > From: GreyMagic Software [mailto:security@;greymagic.com] > Sent: 14. november 2002 17:43 > To: Bugtraq > Subject: Opera 7 vulnerabilities > > > We've done some basic security tests, in cooperation with Tom Gilder, on the > new Opera 7 beta release and found two major security vulnerabilities. These > vulnerabilities are quite obvious and likely to be discovered by malicious > users. > > Combined, they allow full read access to a victim's file system (including > both directories and files) and scripting access to any domain. > > Full details will be released once Opera resolves these issues. In the > meanwhile, users are encouraged not to upgrade to Opera 7 or disable > scripting. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
