Opera Browser Users Urged to Upgrade

Security researchers have uncovered a security weakness in one of the more recent versions of the Opera Web browser that bad guys could use to trick users into downloading and running unwanted programs on their computers.

Computer security firm Secunia said its researchers found that a design error in the way Opera processes mouse clicks in new browser windows -- combined with the predictability of the position of the "File Download" dialog box -- could be exploited to trick the user into clicking on the "Open" button of a file download prompt, even if the user actually clicked on the button that says "Save" or "Cancel."

Secunia has only verified that the exploit works in Opera version 8.01, though it said earlier versions may be vulnerable as well. To check which version you are running, open up an Opera browser window and click on "Help" from the top menu and then "About Opera." The version information should be the first thing displayed under the heading "Version Information."

If you are running Opera 8.01, it might be a good time to upgrade to the latest version -- 8.51.

By Brian Krebs  |  December 13, 2005; 4:25 PM ET
Categories: Latest Warnings, New Patches

Comments

Brian, you might be interested to hear that this blog is very tricky to find on the Post's site. When I typed in "Security Fix Blog" into the Post's search box, the results showed only your recent live chat and did not include any link to this blog. When I typed in just "Security Fix", however, the first result was the Security Fix Blog.

Posted by: Jay | December 14, 2005 1:15 PM

Jay, thanks for the comment and the feedback. Yes, the site search isn't perfect. I know there are some smart people here working on ways to improve it.

Posted by: Bk | December 14, 2005 2:09 PM

The National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS)

Contact:
Donald Tighe
U.S. Department of Homeland Security
(202) 282-8010
donald.tighe@dhs.gov

http://www.us-cert.gov/press_room/cas-announced.html
http://www.whitehouse.gov/pcipb/

Posted by: Joshua Lee Freeman | December 14, 2005 2:42 PM

Opera Software released a security update (v8.02) back in July which resolved this issue.

There have since been two additional releases (not counting betas): v8.5 [major] (released in late Sept) and v8.51 [security update] (released in late Nov).

Anyone that is using v8.x of the browser should have already been notified of the new versions via Opera's update feature.

Posted by: d3|BKM | December 15, 2005 11:03 AM

Um, this was fixed nearly SIX months ago! Why is this being considered as "news"? Opera users will have had ample time to upgrade. Opera's browser checks an XML file using standard HTTP whether there is a newer version automatically.

What is interesting here is that the same flaw in IE has been left unpatched for all that time, which is why the Opera advisory was not published until now. That gives you a clear indication about the seriousness with which each vendor treats security holes in their product...

Posted by: Ian | December 15, 2005 1:43 PM

Only certain Windows are being fixed because others are not presently considered at risk. Given Microsoft are less able to anticipate ways of circumventing security than certain people are at exploiting weaknesses, I am not reassured.

Posted by: Steve H | January 6, 2006 3:05 AM

The comments to this entry are closed.
