Re: Secunia Research: Opera browser Cross Site Scripting
From: Axel Beckert - ecos gmbh (beckert@ecos.de)
Date: 02/27/03
- Previous message: Mandrake Linux Security Team: "MDKSA-2003:026 - Updated shadow-utils packages fix improper mailspool ownership"
- In reply to: Jakob Balle: "Secunia Research: Opera browser Cross Site Scripting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Feb 2003 15:35:49 +0100 From: Axel Beckert - ecos gmbh <beckert@ecos.de> To: bugtraq@securityfocus.com
Hi!
Am Wed, Feb 26, 2003 at 04:00:55PM +0100, Jakob Balle schrieb:
> ======================================================================
> 2) Affected Software
>
> Following have been tested and found vulnerable:
> Opera prior to 7.02 on Windows
> [...]
>
> ======================================================================
> 5) Solution
>
> Vendor patch:
> Windows: Update to latest version. Opera v7.02 is not vulnerable.
> Linux: No update available.
> [...]
>
> ======================================================================
> 6) Time Table
>
> 15/02/2003 - Vulnerability discovered
> 16/02/2003 - Further research
> 17/02/2003 - Vendor informed
> 19/02/2003 - Vendor confirmed and fixed vulnerability
> 26/02/2003 - Vendor released Opera v7.02
> 26/02/2003 - Public disclosure of vulnerability
Please note, that the Opera "Bork Edition", released on 14-Feb-2003,
calls itself on the "opera:about" page also "Opera 7.02" (build number
is "2658 Bork Edition"), but _is_ vulnerable. (Not tested, but it has
been released before the vulnerability was discovered... :-)
Kind regards, Axel Beckert
-- -------------------------------------------------------------- Axel Beckert ecos electronic communication services gmbh IT-Securitylösungen * dynamische Webapplikationen * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: beckert@ecos.de Voice: +49 6133 939-220 WWW: http://www.ecos.de/ Fax: +49 6133 939-333 -------------------------------------------------------------- | | | Visit us at CeBIT from 12. to 19. March 2003 | | Messe Hannover * Halle 17 * Stand F 36 | | http://www.cebit.de/ | | | --------------------------------------------------------------
- Next message: Haluk AYDIN: "Ecardis Password Reseting Vulnerability"
- Previous message: Mandrake Linux Security Team: "MDKSA-2003:026 - Updated shadow-utils packages fix improper mailspool ownership"
- In reply to: Jakob Balle: "Secunia Research: Opera browser Cross Site Scripting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
