Risk: Medium
Opera software has released a new version of their popular browser, which corrects several vulnerabilities.
Amongst the vulnerabilities are two reported by Security firm Secunia Research, one pertaining to the risk of cross-site scripting attacks while the other can be exploited to trick users into executing malicious files by spoofing the file extension in the file download dialog.
Cross-site scripting vulnerability:
The vulnerability is caused due to Opera allowing a user to drag e.g. an image, which is actually a "javascript:" URI, resulting in cross-site scripting if dropped over another site. This may also be used to populate a file upload form, resulting in uploading of arbitrary files to a malicious web site.
Successful exploitation requires that the user be tricked into dragging and dropping e.g. an image or a link.
The vulnerability has been confirmed in version 8.01. Prior versions may also be affected.
Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files.
File extension spoofing vulnerability:
The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be exploited to spoof the file extension in the file download dialog via a specially crafted "Content-Disposition" HTTP header.
Successful exploitation may result in users being tricked into executing a malicious file via the download dialog, but requires that the "Arial Unicode MS" font (ARIALUNI.TTF) has been installed on the system.
NOTE: The "Arial Unicode MS" font is installed with various Microsoft Office distributions.
The vulnerability has been confirmed in version 8.01. Other versions may also be affected.