ie8 fix
ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

'Highly critical' flaw found in Opera browser

By | March 8, 2010, 12:12pm PST

Summary: Security researchers are sounding the alarm for an unpatched, remote code execution flaw in the Opera Web browser.

Security researchers are sounding the alarm for an unpatched, remote code execution flaw in the Opera Web browser.

The vulnerability, rated “highly critical” by Secunia, can be exploited by malicious people to take complete control a user’s system.

From Secunia’s advisory:

The vulnerability is caused due to an error when processing HTTP responses having a malformed “Content-Length” header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit “Content-Length” value, having the higher 32-bit part negative.

The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.

In the absence of a patch, Opera users are urged to avoid browsing to untrusted Web sites or switch to an alternative browser.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Opera Browser, Flaw, Vulnerability, Opera Software ASA, Web Browser, Secunia, Web Browsers, Security, Internet, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
46
Comments
Add Your Opinion

Join the conversation!

Just In

RE: 'Highly critical' flaw found in Opera browser
efsane Updated - 8th Apr 2011
Great!!! thanks for sharing this information to us!
sesli sohbet sesli chat
View in thread
0 Votes
+ -
Just a novice opinion but....
storm14k 8th Mar 2010
...seems like this mistake was staring them right in the face...
0 Votes
+ -
Sounds like a two's complement bug?
WinTard 8th Mar 2010

From Secunia?s advisory:

The vulnerability is caused due to an error when processing HTTP responses having a malformed ?Content-Length? header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit ?Content-Length? value, having the higher 32-bit part negative.



Google: http://www.google.com/search?q=two%27s+complement
Results 1 - 10 of about 203,000 for two's complement. (0.29 seconds)

Pretty basic I suppose?
0 Votes
+ -
Agreed! Most basic fuzzing should have caught this. And no sandbox!
honeymonster 9th Mar 2010
Speaks volumes about Operas quality control.

I mean, this header is the *first* you would try
to tamper with as it is practically *always* there
and has a bearing on buffer sizes etc.

And Opera (like Firefox) does not see importance
in separating privileged operations from
unprivileged ones to accommodate a proper sandbox.
0 Votes
+ -
On the contrary..
AzuMao 9th Mar 2010
..it's harder to get a website to serve up bogus headers than it is to just get a little JavaScript snippet somewhere in the body.
Which is how most of the countless IE exploits work.
0 Votes
+ -
RE: 'Highly critical' flaw found in Opera browser
Loverock Davidson 8th Mar 2010
Hah! Take that Opera! I continue to laugh at you!
0 Votes
+ -
But take heart Opera
Viva la crank dodo 8th Mar 2010
Everyone continues to laugh at Loverock too.
0 Votes
+ -
You must laugh at least 100 times as hard at IE, then, surely?
AzuMao 8th Mar 2010
Not only does it have way more vulnerabilities, you actually have to pay for that shit. LOL!
0 Votes
+ -
Not only wrong but not even good FUD
Johnny Vegas 8th Mar 2010
a) IE is comparably as secure as opera, both way ahead of FF.
b) IE is vastly superior to Opera against phishing.
c) IE is free.
  • Flagged
0 Votes
+ -
Try again.
AzuMao Updated - 8th Mar 2010
a/b) I'm not talking about the user from going to evilphisher.com and giving them his password, I'm talking about the browser automatically executing malicious code without permission.

c) No it's not. It's part of the Windows OS, which you must pay to install and use. Ergo not free.
0 Votes
+ -
Dont need to. Your FUD is weak.
Johnny Vegas 8th Mar 2010
IE and Opera are about equal on (a) and IE is much better on (b), which is how most machines get compromised.

As for c try downloading IE and see how much it costs you. Answer: same as Opera. Did you claim Java or Flash weren't free when they were bundled with Windows?
0 Votes
+ -
Correction; your straw-man is weak.
AzuMao 8th Mar 2010
Flash and Java aren't (and never were) part of Windows.
You didn't have to buy Windows to use them.
You can download a free OS (such as one of the UNIX-like ones), and use it fine on that.

IE, on the other hand, is only as free as the engine that comes "for free" when you buy a car.
If you don't buy the car, you don't get the engine.

And no, most machines do not get compromised from phishing.
0 Votes
+ -
Not sure what your definition of straw man is
Viva la crank dodo Updated - 9th Mar 2010
but I don't see you addressing one.

I'm no IE fan but his argument regarding IE being free is for all intents accurate from a consumers standpoint. True the cost of development may be built in to the OS price but there is no refund for not taking it and the EU was not going to have MS be refunded should users choose another browser. Further, have you ever paid to upgrade to the latest IE like you would for other MS (or non-MS) products? When MAC users could download IE, it was for all intents free as well as far as the consumer is concerned.
If you ever buy a car without an engine, do you think the price would be the same? If so, I'd like to talk business with you.
0 Votes
+ -
@Viva la crank dodo
AzuMao 9th Mar 2010
Just like you don't get a refund for taking the engine out of a car you bought. So what?

Solution; don't buy the car (don't buy Windows).


I'm pretty sure none of the Mac OSs were ever free, either. And they definitely weren't during the (extremely short) period of time that IE ran on Mac.
0 Votes
+ -
Just Great!
KarenSeb 8th Mar 2010
I dumped FF, dumped IE, because of the bad news I've been reading on here, only to find Opera is right down there with 'em - Ugh!
0 Votes
+ -
Nothing's perfect.
AzuMao 8th Mar 2010
Just because none of them are perfect doesn't make it fair to compare them to absolute garbage like IE.
0 Votes
+ -
No program is EVER going to be perfect
Lerianis10 8th Mar 2010
And they are going to have bugs like this.... though, I am wondering why the idiots missed this VERY DAMNED OBVIOUS bug before releasing Opera 10.50.... wondering if this is in the 3298 build that I am using off the beta site.
0 Votes
+ -
RE: 'Highly critical' flaw found in Opera browser
hubivedder 8th Mar 2010
IE 8 is the most secure browser available.
0 Votes
+ -
Not quite....... they are all about equal right now
Lerianis10 8th Mar 2010
Enough said.
0 Votes
+ -
Really???
DaemonSlayer 9th Mar 2010
Explain THIS:

http://blogs.techrepublic.com.com/security/?p=3259&tag=nl.e036
0 Votes
+ -
Uh... er...
AzuMao 9th Mar 2010
..it doesn't count!
Cause everyone knows pressing F1 is, like, super
dangerous!!!

Ya! That's it! They shoulda known better!
0 Votes
+ -
Would Microsoft ever come out with such a line ?
TxM2xTx 8th Mar 2010
In the absence of a patch, Microsoft users are urged to avoid browsing to untrusted Web sites or switch to an alternative browser.
0 Votes
+ -
Secunia routinely does. {nt}
WinTard 8th Mar 2010
.
0 Votes
+ -
Set data execution protection on for Opera.
goingbust 8th Mar 2010
Wouldn't that shut down this attack vector?
0 Votes
+ -
Might shut down quite a bit of other things as well
Lerianis10 8th Mar 2010
I've turned DEP on for all programs, only to find that a heck of a lot of programs 'barf' at having DEP turned on for them.
0 Votes
+ -
That is default for Opera. (nt)
hkommedal 10th Mar 2010
nt
0 Votes
+ -
Highly misleading article.
AzuMao 8th Mar 2010
The vulnerability, rated ?highly critical? by Secunia, can be exploited by malicious people to take complete control a user?s system.

It can only take complete control of a user's system if it's an insecure OS like Windows that lets user mode programs rape the entire system.
0 Votes
+ -
Windows XP does allow that.... Windows Vista and 7 don't
Lerianis10 8th Mar 2010
Which is another reason to UPGRADE TO ONE OF THOSE TWO OPERATING SYSTEMS!

And, frankly...... they only allow user-mode programs to 'rape' the entire system because it makes it easier on people to write programs for Windows XP, when you don't have to worry about 'giving permission' and other things.
0 Votes
+ -
Windows Vista and Windows 7 do.
AzuMao 8th Mar 2010
According to Microsoft, anyways.
I'm not sure how trustworthy they are though.
I've heard they've done some shady things in the past.
0 Votes
+ -
No, Windows XP does not allow that.
ye Updated - 9th Mar 2010
Use a non-privileged account with Windows XP (i.e. a standard user) and XP provides similar protections as that of Vista and Windows 7.
0 Votes
+ -
Actually, it does. And it has for a long time now.
AzuMao 9th Mar 2010
Windows XP currently allows unauthenticated remote connections (as well as malware running locally under a standard user account) to gain complete control over the entire OS without any user interaction.
0 Votes
+ -
My sympathies to both Opera users
tonymcs@... 8th Mar 2010
Opera's usage makes Linux look good.

Really only a problem for the fringe.
0 Votes
+ -
2% != 2 total.
AzuMao 8th Mar 2010
Unless only 100 people use the Internet.
Which isn't the case.
0 Votes
+ -
I think he meant the 2 Opera users who arent Opera employees
Johnny Vegas 8th Mar 2010
and family members...
  • Flagged
0 Votes
+ -
That's a lot of Opera employees.
AzuMao 8th Mar 2010
Bigger company than Microsoft and Google combined.
How do they afford so many employees?
0 Votes
+ -
AzuMao! do you normally talk out of your arse?
Richard Turpin 9th Mar 2010
nt
  • Flagged
0 Votes
+ -
Richard Turpin! No, I never do. Do you?
AzuMao 9th Mar 2010
0 Votes
+ -
He'll prolly show you how
still not nice 10th Mar 2010
lol.... grin
0 Votes
+ -
Huh?
aep528 9th Mar 2010
You really don't get the sarcasm?
0 Votes
+ -
Why'd you have to go and ruin it?
AzuMao 9th Mar 2010
You've really never heard of playing along?
0 Votes
+ -
Let me explain an esoteric concept...
fairportfan 9th Mar 2010
...known as "sarcasm".

On second thought, why bother?

You're obviously a cuisine-challenged bridge-substructure symbiont.
0 Votes
+ -
RE: 'Highly critical' flaw found in Opera browser
-Talan- 10th Mar 2010
OK! My turn now! I've used just about all the browsers out there, IE for when a web-site only renders best in it. Opera's features make it one of the best. Copied by many, but not equaled. Avant just as good.
Microsoft, as a profit making business puts out products for corporate consumption, you all know that with FTP and data base programs you need a browser for little. (read NYC real estate broker, the listing data base and a phone and money is made) In fact the time wasting opportunity a browser can allow an employee, they probably are happy it doesn't work that well. That being said Opera is a wet dream for a heavy user of the net, second only by the aforementioned and then Maxthon for speed and user features...If security is the issue then what about the other alternatives, read Mac or Linux for that peace of mind for those moments when one is to lazy to go to the bank and just has to pay bills from the office....
0 Votes
+ -
????
AzuMao 11th Mar 2010
Maxthon is just a new GUI for IE's horrible Trident engine (which is the worst part of IE).

Also, the main time sinks (YouTube/MySpace/Digg//./FaceBook) work fine on IE.
Except for loading slower (which means more company time wasted goldbricking, not less.)
0 Votes
+ -
RE: 'Highly critical' flaw found in Opera browser
ilmaters_wrath 10th Mar 2010
I trashed Opera recently due to things like this, am currently using Cometbird, and Chrome. sure I will switch a few million times in the future, too. No browser is perfect, but this one by Opera, made me just never want to use it again.
0 Votes
+ -
????
AzuMao 11th Mar 2010
Chrome has had a buffer overflow in its HTML parser at least once in its lifetime.. so you're never going to use it, either?

Opera has a pretty good history security-wise compared to most popular browsers out there.
0 Votes
+ -
RE: 'Highly critical' flaw found in Opera browser
efsane Updated - 8th Apr 2011
Great!!! thanks for sharing this information to us!
sesli sohbet sesli chat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix