Zero Day

Ryan Naraine and Dancho Danchev

'Highly critical' flaw found in Opera browser

By | March 8, 2010, 12:12pm PST

Security researchers are sounding the alarm for an unpatched, remote code execution flaw in the Opera Web browser.

The vulnerability, rated “highly critical” by Secunia, can be exploited by malicious people to take complete control of a user’s system.

From Secunia’s advisory:

The vulnerability is caused due to an error when processing HTTP responses having a malformed “Content-Length” header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit “Content-Length” value, having the higher 32-bit part negative.

The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.

In the absence of a patch, Opera users are urged to avoid browsing to untrusted Web sites or switch to an alternative browser.
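
As an added illustration (not code from Secunia's advisory or from Opera, whose source this page does not show), the C sketch below contrasts a length parse that sizes a buffer from only the low 32 bits of a 64-bit "Content-Length" with one that validates the header first. The function names, the 64 MiB cap and the sample value are assumptions constructed to fit the advisory's description; how Opera 10.50 actually mishandles the value is not stated here.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on a body buffered in memory (not from the advisory). */
#define MAX_BUFFERED_BODY (64u * 1024u * 1024u)

/* Constructed sample: 0xFFFFFFFF00000010 written in decimal. */
static const char SAMPLE[] = "18446744069414584336";

/* Upper 32 bits of the parsed value, viewed as a signed integer. */
int32_t high_half(const char *value)
{
    return (int32_t)(uint32_t)(strtoull(value, NULL, 10) >> 32);
}

/* Flawed pattern: buffer sized from the low 32 bits only. */
uint32_t naive_buffer_size(const char *value)
{
    return (uint32_t)strtoull(value, NULL, 10); /* upper half discarded */
}

/* Hardened parse: digits only, no overflow, bounded by policy.
 * Returns 0 and stores the length on success, -1 on rejection. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    if (value[0] < '0' || value[0] > '9') /* rejects "", "-1", "+5", " 7" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0')  /* overflow or trailing junk */
        return -1;
    if (n > MAX_BUFFERED_BODY)
        return -1;
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    size_t len = 0;
    printf("high half %d, naive size %u, hardened parse %d\n",
           (int)high_half(SAMPLE), (unsigned)naive_buffer_size(SAMPLE),
           parse_content_length(SAMPLE, &len));
    return 0;
}
```

The flawed path would size a buffer at 16 bytes for a header that claims far more, which is the mismatch a heap overflow needs; the hardened path rejects the header before any allocation.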

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 46 Talkback(s)

  • Just a novice opinion but....
    ...seems like this mistake was staring them right in the face...
    storm14k
    8th Mar 2010
  • Sounds like a two's complement bug?

    From Secunia's advisory:

    The vulnerability is caused due to an error when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative.

    Google: http://www.google.com/search?q=two%27s+complement
    Results 1 - 10 of about 203,000 for two's complement. (0.29 seconds)

    Pretty basic I suppose?
    WinTard
    8th Mar 2010
  • Agreed! Most basic fuzzing should have caught this. And no sandbox!
    Speaks volumes about Opera's quality control.

    I mean, this header is the *first* you would try
    to tamper with as it is practically *always* there
    and has a bearing on buffer sizes etc.

    And Opera (like Firefox) does not see importance
    in separating privileged operations from
    unprivileged ones to accommodate a proper sandbox.
    honeymonster
    9th Mar 2010
  • On the contrary..
    ..it's harder to get a website to serve up bogus headers than it is to just get a little JavaScript snippet somewhere in the body.
    Which is how most of the countless IE exploits work.
    AzuMao
    9th Mar 2010
  • RE: 'Highly critical' flaw found in Opera browser
    Hah! Take that Opera! I continue to laugh at you!
    Loverock Davidson
    8th Mar 2010
  • But take heart Opera
    Everyone continues to laugh at Loverock too.
    Viva la crank dodo
    8th Mar 2010
  • You must laugh at least 100 times as hard at IE, then, surely?
    Not only does it have way more vulnerabilities, you actually have to pay for that shit. LOL!
    AzuMao
    8th Mar 2010
  • Not only wrong but not even good FUD
    a) IE is comparably as secure as opera, both way ahead of FF.
    b) IE is vastly superior to Opera against phishing.
    c) IE is free.
    Johnny Vegas
    8th Mar 2010
  • Try again.
    a/b) I'm not talking about the user going to evilphisher.com and giving them his password, I'm talking about the browser automatically executing malicious code without permission.

    c) No it's not. It's part of the Windows OS, which you must pay to install and use. Ergo not free.
    AzuMao
    8th Mar 2010
  • Don't need to. Your FUD is weak.
    IE and Opera are about equal on (a) and IE is much better on (b), which is how most machines get compromised.

    As for c try downloading IE and see how much it costs you. Answer: same as Opera. Did you claim Java or Flash weren't free when they were bundled with Windows?
    Johnny Vegas
    8th Mar 2010
  • Correction; your straw-man is weak.
    Flash and Java aren't (and never were) part of Windows.
    You didn't have to buy Windows to use them.
    You can download a free OS (such as one of the UNIX-like ones), and use it fine on that.

    IE, on the other hand, is only as free as the engine that comes "for free" when you buy a car.
    If you don't buy the car, you don't get the engine.

    And no, most machines do not get compromised from phishing.
    AzuMao
    8th Mar 2010
  • Not sure what your definition of straw man is
    but I don't see you addressing one.

    I'm no IE fan but his argument regarding IE being free is for all intents accurate from a consumer's standpoint. True the cost of development may be built in to the OS price but there is no refund for not taking it and the EU was not going to have MS be refunded should users choose another browser. Further, have you ever paid to upgrade to the latest IE like you would for other MS (or non-MS) products? When Mac users could download IE, it was for all intents free as well as far as the consumer is concerned.
    If you ever buy a car without an engine, do you think the price would be the same? If so, I'd like to talk business with you.
    Viva la crank dodo
    9th Mar 2010
  • @Viva la crank dodo
    Just like you don't get a refund for taking the engine out of a car you bought. So what?

    Solution; don't buy the car (don't buy Windows).


    I'm pretty sure none of the Mac OSs were ever free, either. And they definitely weren't during the (extremely short) period of time that IE ran on Mac.
    AzuMao
    9th Mar 2010
  • Just Great!
    I dumped FF, dumped IE, because of the bad news I've been reading on here, only to find Opera is right down there with 'em - Ugh!
    KarenSeb
    8th Mar 2010
  • Nothing's perfect.
    Just because none of them are perfect doesn't make it fair to compare them to absolute garbage like IE.
    AzuMao
    8th Mar 2010