Feeds

Opera in fresh browser security drama

Soap Opera as browser slip ups crop up, again

  • alert
  • submit to reddit

Intelligent flash storage arrays

Opera today released a fix for a serious security flaw with its browser which could let crackers load and execute malicious code on victim's PCs.

The vulnerability, which involves both version 6.x and 7.x of the browser, revolves around incorrect handling of very long filenames in the Opera's Download Dialog box.

"This allows a malicious Web site to create a filename that causes a buffer overflow which can be exploited to execute arbitrary code," an advisory by security outfit Secunia explains.

"Exploits are in the wild for Windows," it warns.

A Download Dialog box can be spawned automatically, without user interaction, so the exploit is far more likely to trap unwary users. Secunia describes the risk as "extremely critical", with good reason.

Just as well than that Opera has promptly provided a fix (available here), within a day of the publication of Secunia's alert.

Opera users are strongly urged to upgrade to version 7.03 of the browser.

News of the Secunia vulnerability comes a month after another serious vulnerability with Opera 7, involving the browser's Java console, was plugged.

For many years Opera has had an impressive record for browser security. Even though Opera Software has responded with admirable speed to problems with its latest browser this enviable reputation must now be considered at risk, particularly if further problems emerge. ®

Related Stories

Opera fixes browser flaws
Phantom of the Opera
Opera releases version 7 of the 'other' browser
A fright at the Opera

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.