Opera upgrade fixes browser flaw


Vulnerability tracking firm Secunia today reported a "highly critical" vulnerability in Opera, the alternative cross-platform web browser, that could lead to the execution of malicious code.


The buffer overflow flaw, reported Tuesday by researchers at US-based security intelligence provider VeriSign iDefense, can be exploited when users click on "very large link addresses," according to an Opera Software advisory, which urged users to upgrade to the 9.02 version.
If the link is specially crafted, it could cause arbitrary code to run on a user's computer, according to the advisory. Otherwise, a normally long link could lead to a browser crash. For the attack to work, an attacker must dupe an unsuspecting user into visiting a website containing the malicious tag, which is code embedded in an HTML document that provides format instructions.
According to Secunia, the bug can be exploited by URLs that are longer than 256 bytes.
"A heap buffer with a constant size of 256 bytes is allocated to store the URL, and the tag's URL is copied into this buffer without sufficient bounds checking of its length," according to an iDefense public advisory.
The iDefense advisory said versions 9.0 and 9.01 - on both Windows and Linux operating systems - are vulnerable. Version 8 is not affected.
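The pattern in the iDefense description, shown beside a bounds-checked form, as an added C example (this is not Opera's code, which the article does not show). The function names and the sample URLs are constructed for illustration; only the 256-byte constant comes from the advisory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define URL_BUF_SIZE 256   /* constant heap buffer size quoted in the advisory */

/* Pattern described in the advisory: fixed-size heap buffer, copy with no
 * length check. Shown for contrast only; nothing below calls it. */
char *store_url_unchecked(const char *url) {
    char *buf = malloc(URL_BUF_SIZE);
    if (buf) strcpy(buf, url);   /* writes past buf once strlen(url) >= 256 */
    return buf;
}

/* Length of s, never reading more than limit bytes. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s[n] != '\0') n++;
    return n;
}

/* Checked form: reject any URL that does not fit together with its NUL.
 * Rejecting rather than truncating avoids silently changing the link target. */
char *store_url_checked(const char *url) {
    size_t len = bounded_len(url, URL_BUF_SIZE);
    if (len >= URL_BUF_SIZE) return NULL;   /* 256 or more: no room for NUL */
    char *buf = malloc(URL_BUF_SIZE);
    if (buf) memcpy(buf, url, len + 1);     /* len + 1 <= 256, includes NUL */
    return buf;
}

/* Constructed sample input: a URL of exactly n bytes (n >= 7). */
static char *make_url(size_t n) {
    char *u = malloc(n + 1);
    if (!u) return NULL;
    memset(u, 'a', n);
    memcpy(u, "http://", 7);
    u[n] = '\0';
    return u;
}

int main(void) {
    size_t sizes[] = {255, 256, 4096};
    for (size_t i = 0; i < 3; i++) {
        char *u = make_url(sizes[i]), *c = store_url_checked(u);
        printf("%zu bytes: %s\n", sizes[i], c ? "stored" : "rejected");
        free(c); free(u);
    }
    return 0;
}
```

The 256-byte case is the boundary worth testing: the URL itself fits the buffer, but its terminating NUL does not.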
According to the latest statistics from OneStat.com, Opera has a 0.69 percent global market share and 0.61 percent in the United States. It is most popular in Australia, where it is the browser of choice for nearly 5 percent of web users.
Internet Explorer is still the dominant surfing software, employed by roughly 85 percent of the world's web users, according to recent reports.
Click here to email Dan Kaplan.