In association with heise online

06 January 2007, 13:54

Opera patched in secret

As Opera Software has announced in recent security notices, version 9.10 of Opera, which was released in mid December, remedies two critical errors that attackers can use to inject and execute code.

JPEG images can be specially prepared to cause a buffer overflow on the heap. Even though Opera suggests in the heading to its security notice that this problem only causes the browser to crash, the flaw can nonetheless be exploited to inject and execute code. Security service provider iDefense, which reported the hole to Opera, has confirmed this.

The same holds true for a flawed type conversion in the JavaScript support for Scalable Vector Graphics (SVG). Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights.

The vendor has categorized both of the holes as merely "moderate". The firm argues that it is not easy to exploit the heap overflow consistently. And the SVG problem does not occur if users have disabled JavaScript. Apparently, the fact that attackers can exploit these holes to install spyware when a surfer visits a prepared website does not suffice for the flaws to be categorized as important, much less critical.

In both cases, both the Windows and the Linux version of Opera 9.02 are affected, as older versions probably are, too. The change log for Opera 9.10 does not contain any indication of these vulnerabilities in the section on security. Instead, the release seems to have been sold as a cosmetic matter, which may have led a number of users to postpone the update. Now, it seems that everyone should update immediately.

(trk)

Permalink: http://h-online.com/-732066