Zero Day
Ryan Naraine and Dancho Danchev
'Highly critical' flaw found in Opera browser
Ryan Naraine
Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.
Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.
Security researchers are sounding the alarm for an unpatched, remote code execution flaw in the Opera Web browser.
The vulnerability, rated “highly critical” by Secunia, can be exploited by malicious people to take complete control of a user’s system.
From Secunia’s advisory:
The vulnerability is caused due to an error when processing HTTP responses having a malformed “Content-Length” header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit “Content-Length” value, having the higher 32-bit part negative.
The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.
In the absence of a patch, Opera users are urged to avoid browsing to untrusted Web sites or switch to an alternative browser.
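Added example (not from the article, Secunia's advisory or Opera's code): a strict Content-Length check in C for the class of bug the advisory describes, where a 64-bit length ends up handled in 32-bit pieces. The function names, the 64 MiB cap and the sample values are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one response body; not a value from the advisory. */
#define MAX_BODY_BYTES (64ULL * 1024 * 1024)

/* What a code path sees if it handles a 64-bit length as two 32-bit halves. */
static int32_t  high_half(uint64_t v) { return (int32_t)(uint32_t)(v >> 32); }
static uint32_t low_half(uint64_t v)  { return (uint32_t)v; }

/* Strict parse of an already-trimmed Content-Length value.
 * Returns the length, or -1 if the header must be rejected. */
static int64_t checked_length(const char *value)
{
    if (value == NULL || *value == '\0')
        return -1;
    for (const char *p = value; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))       /* rejects '-', '+', spaces, hex */
            return -1;
    errno = 0;
    unsigned long long v = strtoull(value, NULL, 10);
    if (errno == ERANGE || v > MAX_BODY_BYTES) /* 64-bit range check before any narrowing */
        return -1;
    return (int64_t)v;
}

int main(void)
{
    /* Constructed sample header values, not taken from a real response. */
    const char *samples[] = { "1024", "-1", "4294967312",
                              "18446744069414584336", "99999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t raw = strtoull(samples[i], NULL, 10);
        printf("%-24s high=%ld low=%lu -> %lld\n", samples[i],
               (long)high_half(raw), (unsigned long)low_half(raw),
               (long long)checked_length(samples[i]));
    }
    return 0;
}
```

Only the first sample is accepted; the others show a negative high half or a small low half that a size calculation done in 32 bits would trust.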
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Talkback: Most Recent of 45 Talkback(s)
-
Just a novice opinion but....
...seems like this mistake was staring them right in the face...
storm14k 03/08/2010 12:23 PM
-
Sounds like a two's complement bug?
[quote]From Secunia's advisory:
The vulnerability is caused due to an error when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative.[/quote]
Google: http://www.google.com/search?q=two%27s+complement
Results 1 - 10 of about 203,000 for two's complement. (0.29 seconds)
Pretty basic I suppose?
WinTard 03/08/2010 01:58 PM
-
Agreed! Most basic fuzzing should have caught this. And no sandbox!
Speaks volumes about Opera's quality control.
I mean, this header is the *first* you would try
to tamper with as it is practically *always* there
and has a bearing on buffer sizes etc.
And Opera (like Firefox) does not see importance
in separating privileged operations from
unprivileged ones to accommodate a proper sandbox.
honeymonster 03/09/2010 01:57 AM
-
On the contrary..
..it's harder to get a website to serve up bogus headers than it is to just get a little JavaScript snippet somewhere in the body.
Which is how most of the countless IE exploits work.
AzuMao 03/09/2010 12:38 PM
-
RE: 'Highly critical' flaw found in Opera browser
Hah! Take that Opera! I continue to laugh at you!
Loverock Davidson 03/08/2010 12:39 PM
-
But take heart Opera
Everyone continues to laugh at Loverock too.
Viva la crank dodo 03/08/2010 01:13 PM
-
You must laugh at least 100 times as hard at IE, then, surely?
Not only does it have way more vulnerabilities, you actually have to pay for that shit. LOL!
AzuMao 03/08/2010 03:11 PM
-
Not only wrong but not even good FUD
a) IE is comparably as secure as Opera, both way ahead of FF.
b) IE is vastly superior to Opera against phishing.
c) IE is free.
Johnny Vegas 03/08/2010 06:23 PM
-
Try again.
a/b) I'm not talking about the user going to evilphisher.com and giving them his password, I'm talking about the browser automatically executing malicious code without permission.
c) No it's not. It's part of the Windows OS, which you must pay to install and use. Ergo not free.
AzuMao (Edited: 03/08/2010 06:34 PM)
-
Don't need to. Your FUD is weak.
IE and Opera are about equal on (a) and IE is much better on (b), which is how most machines get compromised.
As for c try downloading IE and see how much it costs you. Answer: same as Opera. Did you claim Java or Flash weren't free when they were bundled with Windows?
Johnny Vegas 03/08/2010 06:44 PM
-
Correction; your straw-man is weak.
Flash and Java aren't (and never were) part of Windows.
You didn't have to buy Windows to use them.
You can download a free OS (such as one of the UNIX-like ones), and use it fine on that.
IE, on the other hand, is only as free as the engine that comes "for free" when you buy a car.
If you don't buy the car, you don't get the engine.
And no, most machines do not get compromised from phishing.
AzuMao 03/08/2010 07:52 PM
-
Not sure what your definition of straw man is
but I don't see you addressing one.
I'm no IE fan but his argument regarding IE being free is for all intents accurate from a consumer's standpoint. True the cost of development may be built in to the OS price but there is no refund for not taking it and the EU was not going to have MS be refunded should users choose another browser. Further, have you ever paid to upgrade to the latest IE like you would for other MS (or non-MS) products? When Mac users could download IE, it was for all intents free as well as far as the consumer is concerned.
If you ever buy a car without an engine, do you think the price would be the same? If so, I'd like to talk business with you.
Viva la crank dodo (Edited: 03/09/2010 01:05 PM)
-
@Viva la crank dodo
Just like you don't get a refund for taking the engine out of a car you bought. So what?
Solution; don't buy the car (don't buy Windows).
I'm pretty sure none of the Mac OSs were ever free, either. And they definitely weren't during the (extremely short) period of time that IE ran on Mac.
AzuMao 03/09/2010 01:31 PM
-
Just Great!
I dumped FF, dumped IE, because of the bad news I've been reading on here, only to find Opera is right down there with 'em - Ugh!
KarenSeb 03/08/2010 01:01 PM
-
Nothing's perfect.
Just because none of them are perfect doesn't make it fair to compare them to absolute garbage like IE.
AzuMao 03/08/2010 03:12 PM