Opera users on *nix platforms are been urged to update their browser software following the discovery of a security flaw that creates a means for hackers to compromise vulnerable systems.

The vulnerability stems from a security flaw in a shell script used by Opera to safely parse shell commands. That means Opera on Unix might execute a command line embedded in a URL. Exploitation would involve tricking users of applications that uses Opera as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4) into following a malicious link. The vulnerability can only be exploited on Unix / Linux based environments, according to security notification firm Secunia.

The vulnerability has been confirmed in version 8.5 on Red Hat Enterprise Linux 4. Other versions and platforms may also be affected. Users are urged to update to version 8.51 to defend against attack. Opera's advisory can be found here. ®

Related stories

• Opera hit by buffer overflow glitch (19 October 2006)

  https://www.theregister.com/2006/10/19/opera_security_bug/

• Browser developers team up to thwart hackers (23 November 2005)

  https://www.theregister.com/2005/11/23/browser_security_summit/

• Firefox gains ground on IE (3 November 2005)

  https://www.theregister.com/2005/11/03/browser_survey/

• Opera tunes up to overtake Firefox (30 September 2005)

  https://www.theregister.com/2005/09/30/opera_strategy/

• Ssshhh! Opera slips out security update (17 June 2005)

  https://www.theregister.com/2005/06/17/opera_security_update/

• Opera beefs up browser to thwart phishers (28 February 2005)

  https://www.theregister.com/2005/02/28/opera_eight_beta/