GreyMagic published five new advisories today, specifying severe flaws in the new version of the Opera web browser, which was released just last week.
Three of the vulnerabilities are rated critical, as they allow full read access to the user's file system, including the ability to list contents of directories, read files, access emails and much more. They are Opera's Security Model is Highly Vulnerable, Phantom of the Opera and Opera Images.
The two last vulnerabilities are not as critical, but they're pretty severe as well. Opera exposes sensitive private information about the user by making it possible for a web site to access URLs that the user had last visited. They are
Opera: What's Next and
Sniffing Opera's Tracks.
Full details and demonstrations (along with a little bonus) are available at the links above.
UPDATE: Opera once again lived up to its excellent response record and released version 7.01, only 5 days after initial notification. The new version appears to fix all of the reported issues. Upgrade as soon as possible.
