Original URL: http://www.theregister.co.uk/2003/10/22/opera_in_minor_security_drama/
Opera in minor security drama
It ain't over till the buffer overflow is fixed...
Posted in Security, 22nd October 2003 20:07 GMT
Opera users are advised to update their browser software following the announcement of a potentially serious security problem this week.
Vulnerable versions of the Opera browser (prior to v7.21) are subject to a heap buffer overflow vulnerability that can cause the browser to crash when rendering certain HREFs.
Security consultancy @stake, which discovered the problem, warns (http://www.atstake.com/research/advisories/2003/a102003-1.txt) that the flaw could be exploited to execute arbitrary code on vulnerable systems.
The Opera mail system is also potentially vulnerable.
Opera has released version 7.21 (available here (http://www.opera.com/download)) of its browser to fix the problem.
Exploit scenarios for the vulnerability – tempting users to visit a maliciously constructed website containing the problematic HTML, or sending messages containing the same exploit – will be all too familiar to long-suffering IE users, even if they're unfamiliar to Opera fans.
Although Opera is not without its vulnerabilities, the browser remains far less subject to flaws than IE. ®
