'Highly critical' flaw found in Opera browser

Summary: Security researchers are sounding the alarm for an unpatched, remote code execution flaw in the Opera Web browser.

The vulnerability, rated "highly critical" by Secunia, can be exploited by malicious people to take complete control of a user's system.

From Secunia's advisory:

The vulnerability is caused due to an error when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative.

The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.

In the absence of a patch, Opera users are urged to avoid browsing to untrusted Web sites or switch to an alternative browser.
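
The bug class the advisory describes, as an added example (not Opera's code and not taken from the advisory): a naive parser that keeps only the low 32 bits of a signed 64-bit "Content-Length", beside a strict parser that rejects such a value. The function names, `MAX_BODY_BYTES` and the sample header values are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap for this example: the largest body the client will buffer. */
#define MAX_BODY_BYTES (64u * 1024u * 1024u)

/* Naive pattern (illustrative only): accept any signed 64-bit value and
 * keep just the low 32 bits as the buffer size. */
uint32_t naive_alloc_size(const char *value) {
    long long n = strtoll(value, NULL, 10);
    return (uint32_t)n; /* sign and high 32 bits are silently discarded */
}

/* Strict parser: digits only, no sign, overflow-checked, capped.
 * Returns 0 and stores the length on success, -1 on any malformed value. */
int parse_content_length(const char *value, size_t *out) {
    uint64_t n = 0;
    const char *p = value;
    while (*p == ' ' || *p == '\t') p++;          /* optional leading whitespace */
    if (!isdigit((unsigned char)*p)) return -1;   /* rejects "", "-1", "+5" */
    for (; isdigit((unsigned char)*p); p++) {
        unsigned d = (unsigned)(*p - '0');
        if (n > (UINT64_MAX - d) / 10) return -1; /* would overflow 64 bits */
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t') p++;          /* optional trailing whitespace */
    if (*p != '\0') return -1;                    /* trailing garbage */
    if (n > MAX_BODY_BYTES) return -1;            /* more than we will buffer */
    *out = (size_t)n;
    return 0;
}

int main(void) {
    /* Constructed value: 0xFFFFFFFF00000010 read as a signed 64-bit integer,
     * i.e. the high 32-bit part is negative and the low part is 16. */
    const char *hdr = "-4294967280";
    size_t len = 0;
    printf("naive buffer size: %u bytes\n", (unsigned)naive_alloc_size(hdr));
    printf("strict parser: %s\n",
           parse_content_length(hdr, &len) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The naive path sizes a buffer from a 16-byte length while the full 64-bit value remains in play elsewhere; the strict parser refuses the header before any allocation happens.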

Talkback

46 comments
  • Just a novice opinion but....

    ...seems like this mistake was staring them right in the face...
    storm14k
    • Sounds like a two's complement bug?

      From Secunia's advisory:

      The vulnerability is caused due to an error when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative.

      Google: http://www.google.com/search?q=two%27s+complement
      Results 1 - 10 of about 203,000 for two's complement. (0.29 seconds)

      Pretty basic I suppose?
      WinTard
    • Agreed! Most basic fuzzing should have caught this. And no sandbox!

      Speaks volumes about Opera's quality control.

      I mean, this header is the *first* you would try
      to tamper with as it is practically *always* there
      and has a bearing on buffer sizes etc.

      And Opera (like Firefox) does not see importance
      in separating privileged operations from
      unprivileged ones to accommodate a proper sandbox.
      honeymonster
      • On the contrary..

        ..it's *harder* to get a website to serve up bogus headers than it is to just get a little JavaScript snippet somewhere in the body.
        Which is how most of the countless IE exploits work.
        AzuMao
  • RE: 'Highly critical' flaw found in Opera browser

    Hah! Take that Opera! I continue to laugh at you!
    Loverock Davidson
    • But take heart Opera

      Everyone continues to laugh at Loverock too.
      Viva la crank dodo
    • You must laugh at least 100 times as hard at IE, then, surely?

      Not only does it have way more vulnerabilities, you actually have to *pay* for that shit. LOL!
      AzuMao
      • Not only wrong but not even good FUD

        a) IE is comparably as secure as opera, both way ahead of FF.
        b) IE is vastly superior to Opera against phishing.
        c) IE is free.
        Johnny Vegas
        • Try again.

          a/b) I'm not talking about the user going to evilphisher.com and giving them his password, I'm talking about the browser automatically executing malicious code without permission.

          c) No it's not. It's part of the Windows OS, which you must pay to install and use. Ergo not free.
          AzuMao
          • Don't need to. Your FUD is weak.

            IE and Opera are about equal on (a) and IE is much better on (b), which is how most machines get compromised.

            As for c try downloading IE and see how much it costs you. Answer: same as Opera. Did you claim Java or Flash weren't free when they were bundled with Windows?
            Johnny Vegas
          • Correction; your straw-man is weak.

            Flash and Java aren't (and never were) part of Windows.
            You didn't have to buy Windows to use them.
            You can download a free OS (such as one of the UNIX-like ones), and use it fine on that.

            IE, on the other hand, is only as free as the engine that comes "for free" when you buy a car.
            If you don't buy the car, you don't get the engine.

            And no, most machines do not get compromised from phishing.
            AzuMao
          • Not sure what your definition of straw man is

            but I don't see you addressing one.

            I'm no IE fan but his argument regarding IE being free is for all intents accurate from a consumer's standpoint. True the cost of development may be built in to the OS price but there is no refund for not taking it and the EU was not going to have MS be refunded should users choose another browser. Further, have you ever paid to upgrade to the latest IE like you would for other MS (or non-MS) products? When Mac users could download IE, it was for all intents free as well as far as the consumer is concerned.
            If you ever buy a car without an engine, do you think the price would be the same? If so, I'd like to talk business with you.
            Viva la crank dodo
          • @Viva la crank dodo

            Just like you don't get a refund for taking the engine out of a car you bought. So what?

            Solution; don't buy the car (don't buy Windows).


            I'm pretty sure none of the Mac OSs were ever free, either. And they *definitely* weren't during the (extremely short) period of time that IE ran on Mac.
            AzuMao
  • Just Great!

    I dumped FF, dumped IE, because of the bad news I've been reading on here, only to find Opera is right down there with 'em - Ugh!
    KarenSeb
    • Nothing's perfect.

      Just because none of them are perfect doesn't make it fair to compare them to absolute *garbage* like IE.
      AzuMao
    • No program is EVER going to be perfect

      And they are going to have bugs like this.... though, I am wondering why the idiots missed this VERY DAMNED OBVIOUS bug before releasing Opera 10.50.... wondering if this is in the 3298 build that I am using off the beta site.
      Lerianis10
  • RE: 'Highly critical' flaw found in Opera browser

    IE 8 is the most secure browser available.
    hubivedder
    • Not quite....... they are all about equal right now

      Enough said.
      Lerianis10
    • Really???

      Explain THIS:

      http://blogs.techrepublic.com.com/security/?p=3259&tag=nl.e036
      DaemonSlayer
      • Uh... er...

        ..it doesn't count!
        Cause everyone knows pressing F1 is, like, super
        dangerous!!!

        Ya! That's it! They shoulda known better!
        AzuMao