The buffer overflow flaw, reported Tuesday by researchers at US based security intelligence provider VeriSign iDefense, can be exploited when users click on "very large link addresses," according to an Opera Software advisory, which urged users to upgrade to the 9.02 version.
If the link is specially crafted, it could cause arbitrary code to run on a user's computer, according to the advisory. Otherwise, a normally long link could lead to a browser crash. For the attack to work, an attacker must dupe an unsuspecting user into visiting a website containing the malicious tag, which is code embedded in an HTML document that provides format instructions.
According to Secunia, the bug can be exploited by URLs that are longer than 256 bytes.
"A heap buffer with a constant size of 256 bytes is allocated to store the URL, and the tag's URL is copied into this buffer without sufficient bounds checking of its length," according to an iDefense public advisory.
The iDefense advisory said versions 9.0 and 9.01 - on both Windows and Linux operating systems - are vulnerable. Version 8 is not affected.
According to the latest statistics from OneStat.com, Opera has a 0.69 percent global market share and 0.61 percent in the United States. It is most popular in Australia, where it is the browser of choice for nearly 5 percent of web users.
Internet Explorer is still the dominant surfing software, employed by roughly 85 percent of the world's web users, according to recent reports.
Click here to email Dan Kaplan.
Opera upgrade fixes browser flaw
By Dan Kaplan on Oct 18, 2006 4:47PM