Bugtraq mailing list archives
Re: Secunia Research: Opera browser Cross Site Scripting
From: Axel Beckert - ecos gmbh <beckert () ecos de>
Date: Thu, 27 Feb 2003 15:35:49 +0100
Hi! Am Wed, Feb 26, 2003 at 04:00:55PM +0100, Jakob Balle schrieb:
====================================================================== 2) Affected Software Following have been tested and found vulnerable: Opera prior to 7.02 on Windows [...] ====================================================================== 5) Solution Vendor patch: Windows: Update to latest version. Opera v7.02 is not vulnerable. Linux: No update available. [...] ====================================================================== 6) Time Table 15/02/2003 - Vulnerability discovered 16/02/2003 - Further research 17/02/2003 - Vendor informed 19/02/2003 - Vendor confirmed and fixed vulnerability 26/02/2003 - Vendor released Opera v7.02 26/02/2003 - Public disclosure of vulnerability
Please note, that the Opera "Bork Edition", released on 14-Feb-2003, calls itself on the "opera:about" page also "Opera 7.02" (build number is "2658 Bork Edition"), but _is_ vulnerable. (Not tested, but it has been released before the vulnerability was discovered... :-) Kind regards, Axel Beckert -- -------------------------------------------------------------- Axel Beckert ecos electronic communication services gmbh IT-Securitylösungen * dynamische Webapplikationen * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: beckert () ecos de Voice: +49 6133 939-220 WWW: http://www.ecos.de/ Fax: +49 6133 939-333 -------------------------------------------------------------- | | | Visit us at CeBIT from 12. to 19. March 2003 | | Messe Hannover * Halle 17 * Stand F 36 | | http://www.cebit.de/ | | | --------------------------------------------------------------
Current thread:
- Secunia Research: Opera browser Cross Site Scripting Jakob Balle (Feb 26)
- Re: Secunia Research: Opera browser Cross Site Scripting Axel Beckert - ecos gmbh (Feb 27)