Opera 9.26 closes three security holes
The Norwegian developers of the Opera web browser have released version 9.26 for Windows, MacOS, Linux, FreeBSD, and Solaris. The new release remedies three security vulnerabilities, one of which allows attackers to manipulate file input dialogues. When users enter a file name, attackers can cause certain input to be suppressed. As a result, users might upload a file they were not expecting.
Using a MouseEvent –
dispatchEvent, a "click" can be sent to an HTML file input element, allowing user input to be selectively captured. This could allow an attacker to construct an arbitrary file path that is subsequently used to upload a file of the attacker's choosing.
Opera has categorised the problem as only moderately dangerous. Nonetheless, the Norwegians were upset when Mozilla informed them of the flaw just one day before making the news public. The flaw has already been remedied in Firefox and SeaMonkey.
Another flaw can be exploited in cross-site scripting attacks, and a third can be used to execute arbitrary scripts via image properties. For more details, see the Opera change log.