'Extremely severe' vulnerabilities in Opera browser

'Extremely severe' vulnerabilities in Opera browser

Summary: Opera has released version 9.63 of its browser as a "recommended security upgrade" that fixes at least seven security vulnerabilities, some with serious risk implications.

SHARE:

Opera 9.6.3 plugs serious security holes Opera has released version 9.63 of its browser as a "recommended security upgrade" that fixes at least seven security vulnerabilities, some with serious risk implications.

The most serious of the flaws could lead to remote code execution if an Opera user is tricked into surfing to a maliciously rigged Web page.  Two of the bugs are rated "extremely severe" while three others are rated "highly severe."

Details on the Opera 9.63 vulnerabilities:

  • Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code. Rated extremely severe.
  • Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed. Rated extremely severe.
  • Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it. Rated highly severe.
  • When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information. Rated highly severe.
  • Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the security context of that site. Rated highly severe.
  • Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
  • SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans.

Opera users are strongly encouraged to download and apply the newest version.

Topics: Software Development, Browser, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • Now I could have sworn...

    ...that on the thread listing FF as insecure that someone said FF had been exposed and Opera was the real secure browser lol.
    storm14k
    • The myths are plenty....

      Most just use their emotions to categorize these things instead of logic. In their heads it is safer, thats as far as it goes. These tech talkers need to wake up to the real world. All the browsers a latent with holes. Every single one of them, oh except Safari because Apple said it was designed from day one with security in mind. Right.
      OhTheHumanity
      • Exactly right which is why layered security a necessity

        Knowing that it is a [b]given[/b] that all browsers are woefully insecure, what can a poor user do about it? Turns out that you can do quite a bit by running your browser with even fewer rights than you are currently logged in with. AppArmor is the best solution and protects Firefox by default on any SUSE desktop. Vista's Protected Mode is also a good solution and protects IE7 by default on any Vista desktop. There is no default protection for any browser on the OS X platform.

        [b]Neither of these solutions close any vulnerabilities.[/b] Remember, it is a given that all browsers have gaping vulnerabilities. The goal is to minimize the damage that can be done through current [b]and future[/b] vulnerabilities in the browser. *nix server admins have been doing this for years by running knowingly broken software like BIND in a chroot environment.
        NonZealot
        • I use....

          Group Policy to lock down the browsers, which gives you a whole host of things you can set and restrict. They also only run as users, so I feel pretty confident about the protections in place here. I get some complaints about it being so locked down, but I don't care, if they can do their job then I can live with the piece of mind that I don't have to worry about the users mucking up the systems. Its actually a pretty easy solution. Also web site blocking comes in handy as well.
          OhTheHumanity
  • Just shows that even the supposedly most secure browser has flaws

    Browsers, by dint of their job, interact with insecure zones and are inherently insecure. That is why it is necessary to run the browser with restricted rights, if possible (non-zealot has mentioned app armor , which is a good solution, the protected mode in Vista, other workarounds like drop my rights in XP or DEP) . The solutions I apply, if in a paranoid mood, are to run the browser on a virtual OS or in a separate user account meant just for browsing.However, general users also have to be educated about safe ways to browse: e.g disable plugins globally except for a few sites where you really need it. Opera is perhaps the best standalone choice for its configurability and securability, but Firefox with NoScript as well as Internet Explorer or Sea Monkey is also good, sadly which cannot be held true of the default Firefox browser or Safari or Chrome.
    nilotpal_c
  • RE: 'Extremely severe' vulnerabilities in Opera browser

    The rush to provide Rich Internet Applications is completely undermining browser security. Older browser versions are likely to be more secure than any that support DHTML.
    V@...
  • RE: 'Extremely severe' vulnerabilities in Opera browser

    Im glad to see a faster responce to vulnerabilities than most browser providers. Im not even going to go into MS for response time.
    kjgslg@...
  • RE: 'Extremely severe' vulnerabilities in Opera browser

    Hallelujah! Someone who posted and actually *knew* what they were talking about on the topic of browser security, specifically applying the principle of least privilege.

    To the end you speak of:

    http://www.download.com/RemoveAdmin/3000-2381_4-10824971.html?tag=mncol&cdlPid=10835515

    RemoveAdmin is a utility to strip administrative rights off apps as they're launched under Windows XP and Windows 2000 where unfortunately 99.9% of home users run with administrative rights.

    The default RemoveAdmin installer creates shortcuts for IE and Firefox but if you analyze the shortcut, you see IE and Firefox are passed as an argument to the removeAdmin.exe program.

    You can trivially setup another shortcut for Opera and/or any other Internet facing application... as you should since as you elude to, you can't trust foreign computer systems you connect to.

    -M
    betelgeuse68
  • I avoid Opera

    I have tried Opera a number of times, since the days they used to charge money for it.
    But each time they came out with a significant update, and I gave it a try, I experienced a lot of crashes and incompatibility with major web sites.
    This is on various machines, so its not just my PC.

    So now Opera (SeaMonkey is better), like Ubuntu (Vector Linux is better), and OpenOffice (Thinkfree, google docs, zoho are better), have been relegated to my 'no longer paying attention to their updates,' category and I'm no longer interested in their product.

    Good luck
    Anonymous Benefactor
  • RE: 'Extremely severe' vulnerabilities in Opera browser

    Service Temporarily Unavailable

    http://opera.releasenotes.org/mac/963/Opera_9.63_Setup_Intel.dmg
  • So what's next above "Extremely Severe"?

    Do we get to "Super Severe," maybe, then "Really, REALLY Severe," then go on to "Sorta Critical," "Pretty Critical," "Highly Critical," and so on until we get all the way to "Whoa, Nelly"? It would be nice to have some sort of consistency to these urgency levels for those of us out here in the darkness that don't immerse ourselves in all things IT 24/7.
    Tfixer
  • All browsers are not insecure

    Contrary to popular belief. They do have security vulnerabilities pop up every now and again, but the fact is that there is absolutely NADA you can do to prevent that. Even a program that you have tested for 20 YEARS, writing it so that you think you have fixed all the holes in it and you put it out.... someone who is smart enough (same as or smarter than you) is going to find a hole of SOME kind in it that they can exploit.

    That is why we have to start cracking down on the people who use exploits for their own personal gain, and I mean literally cracking their hands with a sledgehammer.
    Lerianis
  • RE: 'Extremely severe' vulnerabilities in Opera browser

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">seslisohbet</a> <a href="http://www.yuregininsesi.com">seslichat</a>
    birumut