Opera in minor security drama

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/55/33539.html

By John Leyden
Posted: 22/10/2003 

Opera users are advised to update their browser software following the 
announcement of a potentially serious security problem this week. 

Vulnerable versions of the Opera browser (prior to v7.21) are subject 
to a heap buffer overflow vulnerabilities that can cause the browser 
to crash when rendering certain HREFS. 

Security consultancy @stake, which discovered the problem, warns that 
the flaw could be exploited to execute arbitrary code on vulnerable 
systems. 

The Opera mail system is also potentially vulnerable. 

Opera has released version 7.21 (available here) of its browser to fix 
the problem. 

Exploit scenarios for the vulnerability – tempting users to visit a 
maliciously constructed website containing the problematic HTML or 
sending same messages containing the same exploit – will be all too 
familiar to long-suffering IE users, even if they're unfamiliar to 
Opera fans. 

Although Opera is not without its vulnerabilities, the browser remains 
far less subject to flaws than IE.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.