Opera in minor security drama
Print storyIt ain't over till the buffer overflow is fixed...
Posted in Security, 22nd October 2003 20:07 GMT
Free whitepaper – Securing your online data transfer with SSL
Opera users are advised to update their browser software following the announcement of a potentially serious security problem this week.
Vulnerable versions of the Opera browser (prior to v7.21) are subject to a heap buffer overflow vulnerabilities that can cause the browser to crash when rendering certain HREFS.
Security consultancy @stake, which discovered the problem, warns that the flaw could be exploited to execute arbitrary code on vulnerable systems.
The Opera mail system is also potentially vulnerable.
Opera has released version 7.21 (available here) of its browser to fix the problem.
Exploit scenarios for the vulnerability – tempting users to visit a maliciously constructed website containing the problematic HTML or sending same messages containing the same exploit – will be all too familiar to long-suffering IE users, even if they're unfamiliar to Opera fans.
Although Opera is not without its vulnerabilities, the browser remains far less subject to flaws than IE. ®
Related Stories
Opera in fresh browser security drama
Phantom of the Opera
A fright at the Opera
Free whitepaper – Vulnerability management buyer's checklist
The future of SaaS and IT infrastructure management
The mandate for application security
Extended Validation SSL Certificates
Avoiding 7 common mistakes of IT security compliance
The best practices guide for application security
Google cloud told to encrypt itself
Buggy 'smart meters' open door to power-grid botnet
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive