Platform: All platforms
Vulnerable versions of Opera: 7.54 and earlier
Opera security advisory:
– Named frames or windows can be hi-jacked by malicious frames or windows.
– Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document.
– Applets have access to sun.* packages
– Liveconnect: com.opera.EcmascriptObject constructor is accessible to Java
– Liveconnect reveals the path to the user’s home directory. This can make other vulnerabilities easier to exploit.
– Tightened origin check for frames. A side effect of this is that documents not passing the origin check will open in a new page.
– Fixed LiveConnect class access security issue reported by Jouko Pynnonen.
– Fixed Secunia issue SA12981, reported by Andreas Sandblad: periods in the file name and non-breaking spaces in content-type header type could obscure the file type.
– Fixed Secunia issue SA13253: “hi-jacking” a named browser window.
– Improved support for the “must-revalidate” cache directive.
Download the security update in http://www.opera.com/support/search/supsearch.dml?index=782