Fw: Opera 7 vulnerabilities

["Thor Larholm" <thor () pivx com>]

----- Original Message -----
From: "Thor Larholm" <thor () pivx com>
To: <security () greymagic com>; <bugtraq () securityfocus com>
Sent: Thursday, November 14, 2002 9:53 PM
Subject: RE: Opera 7 vulnerabilities


> Monitoring which pages a user visits is also possible, and in general
there
> seems to be some oversights in this otherwise smooth rewrite.
>
> Add to that some of the more odd bugs functionalitywise, and I would say
> there is room for a beta 2 ;)
>
>
> Regards
> Thor Larholm, Security Researcher
> PivX Solutions, LLC
>
> Strike Now, StrikeFirst!
> http://www.pivx.com/sf.html
>
> -----Original Message-----
> From: GreyMagic Software [mailto:security () greymagic com]
> Sent: 14. november 2002 17:43
> To: Bugtraq
> Subject: Opera 7 vulnerabilities
>
>
> We've done some basic security tests, in cooperation with Tom Gilder, on
the
> new Opera 7 beta release and found two major security vulnerabilities.
These
> vulnerabilities are quite obvious and likely to be discovered by malicious
> users.
>
> Combined, they allow full read access to a victim's file system (including
> both directories and files) and scripting access to any domain.
>
> Full details will be released once Opera resolves these issues. In the
> meanwhile, users are encouraged not to upgrade to Opera 7 or disable
> scripting.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html