Feeds

Opera in fresh browser security drama

Soap Opera as browser slip ups crop up, again

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Opera today released a fix for a serious security flaw with its browser which could let crackers load and execute malicious code on victim's PCs.

The vulnerability, which involves both version 6.x and 7.x of the browser, revolves around incorrect handling of very long filenames in the Opera's Download Dialog box.

"This allows a malicious Web site to create a filename that causes a buffer overflow which can be exploited to execute arbitrary code," an advisory by security outfit Secunia explains.

"Exploits are in the wild for Windows," it warns.

A Download Dialog box can be spawned automatically, without user interaction, so the exploit is far more likely to trap unwary users. Secunia describes the risk as "extremely critical", with good reason.

Just as well than that Opera has promptly provided a fix (available here), within a day of the publication of Secunia's alert.

Opera users are strongly urged to upgrade to version 7.03 of the browser.

News of the Secunia vulnerability comes a month after another serious vulnerability with Opera 7, involving the browser's Java console, was plugged.

For many years Opera has had an impressive record for browser security. Even though Opera Software has responded with admirable speed to problems with its latest browser this enviable reputation must now be considered at risk, particularly if further problems emerge. ®

Related Stories

Opera fixes browser flaws
Phantom of the Opera
Opera releases version 7 of the 'other' browser
A fright at the Opera

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.