In association with heise online

24 January 2011, 12:20

Critical vulnerability in Opera web browser

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Opera Logo French security services provider VUPEN has reported a critical security vulnerability in Opera which could allow crafted web pages to infect Windows systems with malware. The problem is said to be caused by a bug in opera.dll when processing HTML files containing select elements that have a large number of child elements.

The bug was first reported by security researcher Jordi Chancel in early January, but he only succeeded in exploiting it to crash the browser. VUPEN appears to have succeeded in developing an exploit to inject and execute code and has therefore classified the problem as critical. The bug has been confirmed in Opera 11.00 and earlier and 10.63 and earlier for Windows 7 and XP SP3. At present there's no patch or update for the problem.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit