‘Opera Download Dialog File Execution Security Vulnerability’
‘The information has been provided by Jakob Balle and Sven Krewitt.
The original article can be found at: http://secunia.com/secunia_research/2010-110/‘
* Opera version 10.53
* Opera version 10.54
* Opera version 10.60
* Opera version 10.61
The ‘Download’ dialog provides the option to run a downloadable executable at a predictable location in the browser window. This can be exploited to trick a user into clicking on the ‘Run’ button by positioning a new window on top of the ‘Download’ dialog that is closed e.g. via a timeout shortly before the user clicks on a link within this window.
15/07/2010 – Vendor notified.
15/07/2010 – Vendor response.
12/08/2010 – Public disclosure.’