Modernizing Authentication — What It Takes to Transform Secure Access
Opera rolled out a new version (7.54) and confirmed that users of previous versions were at risk of computer hijack.
GreyMagic, the research outfit that discovered the vulnerabilities, said a successful attack would allow read-access to files on the victim's file system and read access to lists of files and folders on the victim's computer.
Malicious hackers could also gain access to read incoming and outgoing e-mails on Opera's M2 mail program, which is built into the browser.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i The flaws also could result in cookie theft, URL-spoofing for phishing attacks and the spillage of a user's browsing history.
''The vulnerability is a new variant of an older vulnerability GreyMagic detected in February last year. This time the 'location' object isn't sufficiently protected from malicious attacks,'' the company warned.
GreyMagic also released a proof-of-concept demonstration that presents the user's files and directories in an Explorer-like manner, allowing the user to browse his/her own file system using the vulnerability.
''This comes to show that the entire file-system information could have been silently downloaded to a malicious server without any user interaction,'' the company said.
Opera competes with Microsoft's Internet Explorer and the Mozilla Foundation's Firefox in the Web browser market.
This article was first published on internetnews.com.