Feeds

Opera in minor security drama

It ain't over till the buffer overflow is fixed...

  • alert
  • submit to reddit

Security for virtualized datacentres

Opera users are advised to update their browser software following the announcement of a potentially serious security problem this week.

Vulnerable versions of the Opera browser (prior to v7.21) are subject to a heap buffer overflow vulnerabilities that can cause the browser to crash when rendering certain HREFS.

Security consultancy @stake, which discovered the problem, warns that the flaw could be exploited to execute arbitrary code on vulnerable systems.

The Opera mail system is also potentially vulnerable.

Opera has released version 7.21 (available here) of its browser to fix the problem.

Exploit scenarios for the vulnerability – tempting users to visit a maliciously constructed website containing the problematic HTML or sending same messages containing the same exploit – will be all too familiar to long-suffering IE users, even if they're unfamiliar to Opera fans.

Although Opera is not without its vulnerabilities, the browser remains far less subject to flaws than IE. ®

Related Stories

Opera in fresh browser security drama
Phantom of the Opera
A fright at the Opera

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.