Opera security patch

I saw this earlier today, but had thought it was an issue already covered (just before Thanksgiving there was an opera security update I think.) Anyway… Secunia has an advisory on a security vulnerability in the Opera Web browser. Users are encouraged to upgrade to v. 8.51. The SecurityFix has the story. Download link here http://www.opera.com/download/

This is a critical vulnerability, it has been confirmed in Opera 8.01… basically the flaw is with the way Opera deals with mouse clicks in a new window. A user could be tricked into clicking the open button in a file download box instead of the save or cancel.

From Secunia…

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into downloading and executing arbitrary programs on a user’s system.

A design error in the processing of mouse clicks in new browser windows and the predictability of the position of the “File Download” dialog box can be exploited to trick the user into clicking on the “Run” button of the dialog box. This is exploited by first causing a “File Download” dialog box to be displayed underneath a new browser window, and then tricking the user into double-clicking within a specific area in the new window. This will result in an unintended click of the “Open” button in the hidden “File Download” dialog box.

   Send article as PDF   

Similar Posts