[29067] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Secunia Research: Opera browser Cross Site Scripting

daemon@ATHENA.MIT.EDU (Axel Beckert - ecos gmbh)
Thu Feb 27 11:24:14 2003

Date: Thu, 27 Feb 2003 15:35:49 +0100
From: Axel Beckert - ecos gmbh <beckert@ecos.de>
To: bugtraq@securityfocus.com
Message-ID: <20030227143549.GC1501@ecos.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1046271655.1312.154.camel@localhost.localdomain>

Hi!

Am Wed, Feb 26, 2003 at 04:00:55PM +0100, Jakob Balle schrieb:
> ======================================================================
> 2) Affected Software
> 
> Following have been tested and found vulnerable:
> Opera prior to 7.02 on Windows
> [...]
> 
> ======================================================================
> 5) Solution
> 
> Vendor patch:
> Windows: Update to latest version. Opera v7.02 is not vulnerable.
> Linux: No update available.
> [...]
> 
> ======================================================================
> 6) Time Table
> 
> 15/02/2003 - Vulnerability discovered
> 16/02/2003 - Further research
> 17/02/2003 - Vendor informed
> 19/02/2003 - Vendor confirmed and fixed vulnerability
> 26/02/2003 - Vendor released Opera v7.02
> 26/02/2003 - Public disclosure of vulnerability

Please note, that the Opera "Bork Edition", released on 14-Feb-2003,
calls itself on the "opera:about" page also "Opera 7.02" (build number
is "2658 Bork Edition"), but _is_ vulnerable. (Not tested, but it has
been released before the vulnerability was discovered... :-)

            Kind regards, Axel Beckert
-- 
--------------------------------------------------------------
Axel Beckert       ecos electronic communication services gmbh
IT-Securitylösungen * dynamische Webapplikationen * Consulting

Post:       Tulpenstrasse 5          D-55276 Dienheim b. Mainz
E-Mail:     beckert@ecos.de          Voice:   +49 6133 939-220
WWW:        http://www.ecos.de/      Fax:     +49 6133 939-333
--------------------------------------------------------------
|                                                            |
|   Visit us at CeBIT from 12. to 19. March 2003             |
|   Messe Hannover * Halle 17 * Stand F 36                   |
|   http://www.cebit.de/                                     |
|                                                            |
--------------------------------------------------------------
home help back first fref pref prev next nref lref last post