On mySimon: Christian Louboutin Very Prive Pumps
BNET Business Network:
BNET
TechRepublic
ZDNet

December 16th, 2008

'Extremely severe' vulnerabilities in Opera browser

Posted by Ryan Naraine @ 9:13 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research

Tags: Opera Software, Opera Browser, Vulnerability, Web Browser, XML, Security, Web Browsers, Software/Web Development, Web Development, Internet

Opera 9.6.3 plugs serious security holes Opera has released version 9.63 of its browser as a “recommended security upgrade” that fixes at least seven security vulnerabilities, some with serious risk implications.

The most serious of the flaws could lead to remote code execution if an Opera user is tricked into surfing to a maliciously rigged Web page.  Two of the bugs are rated “extremely severe” while three others are rated “highly severe.”

Details on the Opera 9.63 vulnerabilities:

  • Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code. Rated extremely severe.
  • Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed. Rated extremely severe.
  • Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it. Rated highly severe.
  • When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information. Rated highly severe.
  • Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the security context of that site. Rated highly severe.
  • Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
  • SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans.

Opera users are strongly encouraged to download and apply the newest version.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 12 Talkback(s)
All browsers are not insecure
Contrary to popular belief. They do have security vulnerabilities pop up every now and again, but the fact is that there is absolutely NADA you can do to prevent that. Even a program that you have tes... (Read the rest)
Posted by: Lerianis Posted on: 12/17/08 You are currently: a Guest | | Terms of Use
Now I could have sworn...  storm14k | 12/16/08
The myths are plenty....  daMan25 | 12/16/08
Exactly right which is why layered security a necessity  NonZealot | 12/16/08
I use....  daMan25 | 12/16/08
Just shows that even the supposedly most secure browser has flaws  nilotpal_c | 12/16/08
RE: 'Extremely severe' vulnerabilities in Opera browser  V@... | 12/16/08
RE: 'Extremely severe' vulnerabilities in Opera browser  kjgslg@... | 12/16/08
RE: 'Extremely severe' vulnerabilities in Opera browser  betelgeuse68 | 12/16/08
I avoid Opera  Anonymous Benefactor | 12/17/08
RE: 'Extremely severe' vulnerabilities in Opera browser  null | 12/17/08
So what's next above "Extremely Severe"?  Tfixer | 12/17/08
All browsers are not insecure  Lerianis | 12/17/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement
Click Here

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here