Critical security hole in current version of Opera
Security expert José A. Vázquez has released details of a critical security hole in the Opera browser that can be exploited to inject malicious code. Vázquez says that he found the hole and notified the developers with a proof of concept a year ago. However, the expert said that Opera decided not to close the hole.
Vázquez thinks that the Opera developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, Vázquez has adapted the exploit for the current version 11.51 of Opera and has released it as a Metasploit module. This means that, in principle, anyone can now exploit the vulnerability.
The hole is caused by a memory flaw when processing SVG content within framesets. Simply visiting a compromised web page is enough for a system to become infected with malicious code. Vázquez said that the exploit is successful in 3 out of 10 cases. With the pre-alpha version of Opera 12, the exploit managed to inject malicious code in 6 out of 10 cases.
By releasing the exploit, the security expert is forcing the browser developers into action. Opera will now have to respond in order to avoid exposing browser users to a virus threat for longer than is absolutely necessary. On their security blog, the Opera developers have so far not responded to the issue. A press inquiry by The H's associates at heise Security currently also remains unanswered.