Opera may execute command line embedded in URLs – Opera Security Advisories


Opera will execute command lines embedded in the URL when anotherprogram uses Opera to open a link. This affects UNIX versions ofOpera (Linux/FreeBSD/Solaris).

Severity: High

Problem description

Opera for UNIX uses a wrapper shell script to start up Opera.This shell script reads the input arguments, like the file namesor URLs that Opera is to open. It also performs some environmentchecks, for example whether Java is available and if so, where itis located.

This wrapper script can also run commands embedded in the URL,so that a specially crafted URL can make arbitrary commands runon the recipient’s machine. Users who have other programs setup to use Opera to open Web links are vulnerable to this flaw.For these users, clicking a Web link in for example OpenOffice.orgor Evolution can run a command that was put into the link.

Opera’s response

Opera has made a change to the wrapper script so that shellcommands fed to the script will no longer be executed.The updated wrapper script is included in Opera 8.51 whichwas released November 17, 2005.


Opera wishes to thank Secunia for bringing this issueto our attention.