Bugtraq mailing list archives
Re: Secunia Research: Opera browser Cross Site Scripting
From: Axel Beckert - ecos gmbh <beckert () ecos de>
Date: Thu, 27 Feb 2003 15:35:49 +0100
Hi! Am Wed, Feb 26, 2003 at 04:00:55PM +0100, Jakob Balle schrieb:
====================================================================== 2) Affected Software Following have been tested and found vulnerable: Opera prior to 7.02 on Windows [...] ====================================================================== 5) Solution Vendor patch: Windows: Update to latest version. Opera v7.02 is not vulnerable. Linux: No update available. [...] ====================================================================== 6) Time Table 15/02/2003 - Vulnerability discovered 16/02/2003 - Further research 17/02/2003 - Vendor informed 19/02/2003 - Vendor confirmed and fixed vulnerability 26/02/2003 - Vendor released Opera v7.02 26/02/2003 - Public disclosure of vulnerability
Please note, that the Opera "Bork Edition", released on 14-Feb-2003,
calls itself on the "opera:about" page also "Opera 7.02" (build number
is "2658 Bork Edition"), but _is_ vulnerable. (Not tested, but it has
been released before the vulnerability was discovered... :-)
Kind regards, Axel Beckert
--
--------------------------------------------------------------
Axel Beckert ecos electronic communication services gmbh
IT-Securitylösungen * dynamische Webapplikationen * Consulting
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: beckert () ecos de Voice: +49 6133 939-220
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
--------------------------------------------------------------
| |
| Visit us at CeBIT from 12. to 19. March 2003 |
| Messe Hannover * Halle 17 * Stand F 36 |
| http://www.cebit.de/ |
| |
--------------------------------------------------------------
Current thread:
- Secunia Research: Opera browser Cross Site Scripting Jakob Balle (Feb 26)
- Re: Secunia Research: Opera browser Cross Site Scripting Axel Beckert - ecos gmbh (Feb 27)