Two problems were found in the Opera Mail client.
- Attached files are opened without any warnings directly from the
user's cache directory. This can be exploited to execute arbitrary
- Normally, filename extensions are determined by the "Content-Type"
in Opera Mail. However, by appending an additional '.' to the end of
a filename, an HTML file could be spoofed to be e.g. "image.jpg.".
The two vulnerabilities combined may be exploited to conduct script
insertion attacks if the user chooses to view an attachment named
e.g. "image.jpg." e.g. resulting in disclosure of local files.