Security hole in Opera
Security company iDefense Labs has discovered a security hole in the Opera web browser. The company claims that a buffer overflow can occur when the browser processes long URLs, allowing attackers to execute arbitrary code with the rights of the Opera user. The browser's maker, however, classifies the risk as no more than moderate and acknowledges only a potential crash.
iDefense claims that Opera 9.0 and 9.01 use a buffer with a fixed size of 256 bytes for copying addresses during the processing of URLs in HTML tags. No boundary checking is performed. This allows attackers to use specially prepared images and overlong URLs to achieve sufficient control of the heap to plant and execute malicious software.
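The class of flaw iDefense describes, as an added example that is not Opera's code and not part of the original article: an unchecked copy into a fixed 256-byte heap buffer beside a bounds-checked version. The function names and the `make_url` helper for constructed input are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define URL_BUF_SIZE 256 /* fixed buffer size reported in the advisory */

/* Unchecked pattern (hypothetical, not Opera's source): strcpy copies up to
 * the terminator and ignores the destination size, so any URL of
 * URL_BUF_SIZE characters or more writes past the heap allocation. */
char *copy_url_unchecked(const char *url)
{
    char *buf = malloc(URL_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    strcpy(buf, url); /* no boundary check */
    return buf;
}

/* Hardened form: measure the input within the limit before copying and
 * reject overlong URLs instead of truncating them silently. */
char *copy_url_checked(const char *url)
{
    size_t len = 0;
    char *buf;

    if (url == NULL)
        return NULL;
    while (len < URL_BUF_SIZE && url[len] != '\0')
        len++; /* never reads past the limit */
    if (len == URL_BUF_SIZE)
        return NULL; /* no room left for the terminator */
    buf = malloc(URL_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    memcpy(buf, url, len + 1); /* +1 copies the terminator */
    return buf;
}

/* Constructed test input: a URL-shaped string of exactly n characters
 * (n >= 7). */
char *make_url(size_t n)
{
    char *s = n < 7 ? NULL : malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'a', n);
    memcpy(s, "http://", 7);
    s[n] = '\0';
    return s;
}
```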
On 22 September, Opera Software released Opera 9.02 for download. That new version of the browser no longer contains the flaw. Users of previous versions should update to the new version as soon as possible.
- Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability, advisory from iDefense
- Very large link addresses can cause Opera to crash, advisory from Opera Software
- A Heap of Risk, background article on heap-based buffer overflows, from heise Security
- Download of Opera 9.02, which does not contain the flaw
(ehe)