SecuriTeam has reported -at http://www.securiteam.com/windowsntfocus/5YP0O2075S.html- that versions 6.01 and 6.02 of the Opera browser are affected by a vulnerability that could allow an intruder to read files on the hard disk of an affected system. As with all browsers today, Opera supports the <_ input type="file" _> (tem os _ para não aparecer o elemento) element, which is a standard method for uploading files to servers. As this is a very security-sensitive element, most web browsers do not allow its "value" attribute to be previously set (read only). If it was possible to assign an arbitrary string to the "value" attribute, an attacking server could fetch any local file by simply submitting a form (through scripting or social engineering, if scripting has been disabled). Opera's approach to the file element is a little different. The "value" attribute can be set, but before the form it resides in is submitted, a dialog comes up with the following warning: "The files listed below have been selected, without your intervention, to be sent to another computer. Do you want to send these files?". However, in versions 6.01 and 6.02 of Opera it is possible to by pass the confirmation dialog box, and so an attacker could obtain the files they wanted from the user without their knowledge.