Opera struck by bizarre hidden hole
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
By Matthew Broersma
A bizarre security bug in the Opera Web browser could trick users into running malicious code, security experts have warned. The hole is similar to one discovered in Internet Explorer and patched by Microsoft yesterday.
The flaw involves the way Opera processes mouse clicks in new browser windows, according to Secunia. The mouse-click bug can be used to hide a "File Download" dialogue box underneath a new browser window, which responds to mouse clicks even though it isn't visible. Because the "Run" button of the dialogue box appears in a predictable position, an attacker could trick the user into activating it by clicking in a specific area in the new browser window, Secunia said.
"This will result in an unintended click of the "Run" button in the hidden "File Download" dialog box," the company said in an advisory.
Secunia notified Opera of the bug in June, and it was fixed in July, but disclosure was delayed while Microsoft fixed a similar bug in Internet Explorer, Secunia said.
The flaw is eliminated in Opera version 8.02, available from Opera's website. Version 8.01 is affected, and previous versions are likely to be affected as well, Secunia said.
Article submitted by: Webshark
Last Update: 12-15-2005
Category: Security
A bizarre security bug in the Opera Web browser could trick users into running malicious code, security experts have warned. The hole is similar to one discovered in Internet Explorer and patched by Microsoft yesterday.
The flaw involves the way Opera processes mouse clicks in new browser windows, according to Secunia. The mouse-click bug can be used to hide a "File Download" dialogue box underneath a new browser window, which responds to mouse clicks even though it isn't visible. Because the "Run" button of the dialogue box appears in a predictable position, an attacker could trick the user into activating it by clicking in a specific area in the new browser window, Secunia said.
"This will result in an unintended click of the "Run" button in the hidden "File Download" dialog box," the company said in an advisory.
Secunia notified Opera of the bug in June, and it was fixed in July, but disclosure was delayed while Microsoft fixed a similar bug in Internet Explorer, Secunia said.
The flaw is eliminated in Opera version 8.02, available from Opera's website. Version 8.01 is affected, and previous versions are likely to be affected as well, Secunia said.
Article submitted by: Webshark
Last Update: 12-15-2005
Category: Security
Current rating: 5.46 by 77 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(9,211 reads) 07-05-2008
· Fusion Security(14,902 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,676 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,114 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,612 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,402 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,434 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,154 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,017 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,386 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.