Download Opera 7.5 — Or Else
Vulnerability Discovered in Earlier Editions
By Jim Wagner
Only hours after Norwegian Web browser company Opera announced version 7.5 was out of beta, a vulnerability affecting earlier iterations was published.
The flaw is a telnet URI handling vulnerability which, depending on the security access granted, could disable Opera. Security firm iDEFENSE reported the problem to Opera officials April 7.
Specifically, the vulnerability stems from Opera's failure to check for the "-" when a hostname is entered at the telnet prompt. So, if a user typed "-f," everything after it would be used to create or overwrite a file in the Opera directory, possibly disabling the application. In Windows, the exploit overwrites files in the Opera directory; in Linux, it's possible to overwrite files in the user's home directory.
iDEFENSE experts say the vulnerability affects Opera v7.23 and likely all older versions, though they have tested only some of the versions and platforms Opera runs on.
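The missing check described above, seen from the side of a URI handler, as an added example (not Opera's code and not part of the original article): the host of a telnet URI is validated before it becomes an argument to an external client. The client name `telnet`, the function names and the sample URIs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# One DNS label: alphanumeric at both ends, hyphens only in the middle.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


class UnsafeTelnetURI(ValueError):
    """The URI must not be handed to the external telnet client."""


def telnet_argv(uri, client="telnet"):
    """Build the argument list for a telnet: URI, or raise UnsafeTelnetURI.

    `client` is an assumed handler name, not Opera's actual configuration.
    """
    try:
        parts = urlsplit(uri)
        host, port = parts.hostname or "", parts.port
    except ValueError as exc:
        raise UnsafeTelnetURI("malformed URI") from exc
    if parts.scheme != "telnet":
        raise UnsafeTelnetURI("not a telnet URI")
    # The check the article says was missing: a host starting with "-"
    # would be read by the client as a command-line option.
    if host.startswith("-"):
        raise UnsafeTelnetURI("host begins with '-'")
    # Allow-list the rest: plain DNS names and IPv4 only (IPv6 literals are
    # rejected here for brevity), so spaces and other separators never pass.
    labels = host.rstrip(".").split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise UnsafeTelnetURI("host is not a plain hostname")
    # Return a list for subprocess-style execution, never a shell string.
    return [client, host] + ([str(port)] if port is not None else [])


def is_safe(uri):
    """True if telnet_argv() accepts the URI."""
    try:
        telnet_argv(uri)
        return True
    except UnsafeTelnetURI:
        return False


# Constructed sample URIs, not taken from the advisory.
SAMPLES = ["telnet://example.com:2323/", "telnet://-fconstructed.txt/"]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "->", "accept" if is_safe(uri) else "reject")
```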
While a workaround — by going into the "Protocols" section within "Preferences" and deleting "telnet" — is relatively easy, it might be even easier to download Opera 7.5, which is now available for free download. Opera officials say the vulnerability is fixed in the latest version, which spent all of 20 days in beta testing.
The beta, released April 22, marked the first time Opera developers released a working version on all the desktop platforms it supports — Windows, Linux, Mac, FreeBSD, and Solaris. The official release of Opera 7.5 includes the same versions.
Officials have packed new features into the new version, which weighs in at 3.5 MB, including an IRC-compatible chat client, RSS newsfeed support, and a spellchecker for the e-mail client. The Web browser also sports a revamped look and feel.
Jon von Tetzchner, Opera's CEO, called out the 90s-era technology used in the world's most popular Web browser, Microsoft's Internet Explorer (IE), as well as in the many standalone software applications that handle Opera's additional Internet functions.
"[IE] is an aged application that Microsoft has not given a major update in years, and according to press reports they are not planning to upgrade it in the near future," he said in a statement. "At the same time, most people's e-mail applications still function like it's 1994."
Opera users can go here for more information on the vulnerability and here to download the latest version of Opera.