Hi!
Am Wed, Feb 26, 2003 at 04:00:55PM +0100, Jakob Balle schrieb:
> ======================================================================
> 2) Affected Software
>
> Following have been tested and found vulnerable:
> Opera prior to 7.02 on Windows
> [...]
>
> ======================================================================
> 5) Solution
>
> Vendor patch:
> Windows: Update to latest version. Opera v7.02 is not vulnerable.
> Linux: No update available.
> [...]
>
> ======================================================================
> 6) Time Table
>
> 15/02/2003 - Vulnerability discovered
> 16/02/2003 - Further research
> 17/02/2003 - Vendor informed
> 19/02/2003 - Vendor confirmed and fixed vulnerability
> 26/02/2003 - Vendor released Opera v7.02
> 26/02/2003 - Public disclosure of vulnerability
Please note, that the Opera "Bork Edition", released on 14-Feb-2003,
calls itself on the "opera:about" page also "Opera 7.02" (build number
is "2658 Bork Edition"), but _is_ vulnerable. (Not tested, but it has
been released before the vulnerability was discovered... :-)
Kind regards, Axel Beckert
--
--------------------------------------------------------------
Axel Beckert ecos electronic communication services gmbh
IT-Securitylösungen * dynamische Webapplikationen * Consulting
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: beckert@ecos.de Voice: +49 6133 939-220
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
--------------------------------------------------------------
| |
| Visit us at CeBIT from 12. to 19. March 2003 |
| Messe Hannover * Halle 17 * Stand F 36 |
| http://www.cebit.de/ |
| |
--------------------------------------------------------------
