1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.
  2. A secção Microsoft/Windows encontra-se actualmente em processo de reestruturação.
    Remover anúncio

vulnerabilidades no Opera

Discussão em 'Windows Desktop e Surface' iniciada por Andr0m3da, 29 de Maio de 2002. (Respostas: 6; Visualizações: 1473)

  1. Andr0m3da

    Andr0m3da Power Member

    SecuriTeam has reported -at
    http://www.securiteam.com/windowsntfocus/5YP0O2075S.html- that versions 6.01
    and 6.02 of the Opera browser are affected by a vulnerability that could
    allow an intruder to read files on the hard disk of an affected system.

    As with all browsers today, Opera supports the <_ input type="file" _> (tem os _ para não aparecer o elemento) element,
    which is a standard method for uploading files to servers. As this is a very
    security-sensitive element, most web browsers do not allow its "value"
    attribute to be previously set (read only). If it was possible to assign an
    arbitrary string to the "value" attribute, an attacking server could fetch
    any local file by simply submitting a form (through scripting or social
    engineering, if scripting has been disabled).

    Opera's approach to the file element is a little different. The "value"
    attribute can be set, but before the form it resides in is submitted, a
    dialog comes up with the following warning: "The files listed below have
    been selected, without your intervention, to be sent to another computer. Do
    you want to send these files?". However, in versions 6.01 and 6.02 of Opera
    it is possible to by pass the confirmation dialog box, and so an attacker
    could obtain the files they wanted from the user without their knowledge.
     
  2. Kr0n0

    Kr0n0 Power Member

    eu ja nao uso o opera desde a versao 4
    o browser e bem fixe, com muita potencia, mas deixei de usar pork akilo crachava-me sempre no win98se :(

    o ie tambem nao e melhor escolha

    entao o k resta o lynx ? :\

    andr0... k browser e k usas no windows? (no linux presumo k seja o mozzilla)
     
  3. gutter

    gutter Power Member

    Tou agora com o Mozilla 1.0 e estou a gostar. Ja nao esta tão pesado como estava as versoes anteriores do mozilla e netscape. Experimentem.

    O ie é de uma instabilidade louca, crasha demasiado
     
  4. Praetor

    Praetor Power Member

    mozilla 1.1 alpha. é melhor verem isto porque é muiiiiiiiiiiiiiiiiiiito melhor que o IE :)
     
  5. zer0

    zer0 [email protected] Member

    o opera ja vai na 6.03 faz algum tempo, por isso :P
     
  6. Tafinho

    Tafinho Power Member


    Usa o links , text-based com suporte para frames :)
     
  7. AwakE

    AwakE Banido

    O mozilla tá melhor? o que eu utilizava no linux era um m****. Pesado até dizer chega... Konqueror Rula
     

Partilhar esta Página