March 3rd, 2009

Opera plugs security holes; adds ASLR, DEP support

Posted by Ryan Naraine @ 6:45 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Passwords, Patch Watch, Responsible disclosure, Vulnerability research

Tags: Opera Software, Data Execution Prevention, Security, Viruses And Worms, Ryan Naraine

Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks.

The Opera 9.64 upgrade also adds support for DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), two anti-exploitation mechanisms that helps to limit the damage from malware attacks on the Windows platform.

Opera has only released details on one of the three security vulnerabilities, which was discovered and reported by Google’s Tavis Ormandy.

• Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code.

Opera said the update also fixes an issue where plug-ins could be used to allow cross domain scripting and a third “moderately severe” issue that remains a mystery.

“Details will be disclosed at a later date,” the company said.

* Image source: andyket’s Flickr photostream (Creative Commons 2.0)