Original URL: http://www.theregister.co.uk/2006/10/19/opera_security_bug/

Opera hit by buffer overflow glitch

Big links crash browser

By John Leyden

Posted in Security, 19th October 2006 16:17 GMT

Opera users are being urged to upgrade to a new version of the browser following the discovery of a potentially serious security bug.

The flaw means that vulnerable versions of the browsers will crash when visiting maliciously constructed web sites containing overly long (more than 256 bytes) URLs. Successful exploitation of this heap-based buffer overflow flaw creates a means for hackers to load malware onto the machines of visiting surfers.

The vulnerability affects versions 9.0 and 9.01 of Opera on Windows and Linux. Version 8.x of the browser software is not at risk to this particular flaw but rather than downgrading a better solution is to upgrade to version 9.02, as explained in Opera's advisory here. Opera described the flaw, discovered by security researcher firm iDefense, as "moderate". ®