November 23rd, 2009

Opera patches 'extremely severe' security hole

Posted by Ryan Naraine @ 12:24 pm

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Hackers, Malware, Passwords, Patch Watch, Responsible disclosure

Tags: Opera Software ASA, Patch Management, Error Message, Patches, Security, Ryan Naraine

Opera has shipped a new version of its browser to fix three security vulnerabilities, one rated “extremely severe.”

The most serious flaw could allow a malicious attacker to take complete control of a system, Opera said in an advisory.

The skinny:

Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.

A second flaw, rated “highly severe,” could allow error messages to leak onto unrelated sites

Scripting error messages are normally available only to the page that caused the error. In some cases, the error messages could be passed to other sites as the contents of unrelated variables, and may contain sensitive information. If those sites write the content into the page markup, this could allow cross-site scripting, using code provided by the attacking site. This issue only affects installations that have enabled stacktraces for exceptions, these are disabled by default.

Opera also patched a third “moderately severe” flaw but details on this issue were not released.

Opera users should immediately upgrade to version 10.10 which includes the patches for these issues.