Opera Security Patched In Secret
An anonymous reader writes "Opera 9.10 released in December seemed to be a rather cosmetic update. But as heise Security reports, behind the scenes Opera patched two remote code execution holes — neither of them mentioned in the changelog. In addition, Opera rates an exploitable heap overflow as 'moderate' because it is 'not trivial to exploit it reliably'. From the article: 'JPEG images can be specially prepared to cause a buffer overflow on the heap. Even though Opera suggests in the heading to its security notice that this problem only causes the browser to crash, the flaw can nonetheless be exploited to inject and execute code. Security service provider iDefense, which reported the hole to Opera, has confirmed this. The same holds true for a flawed type conversion in the JavaScript support for Scalable Vector Graphics (SVG). Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights.'"
If you think perfectness is without holes, you're not dating much.
I bet Microsoft wouldn't do that.
They would be 100% honest with us.
If you think perfectness is without holes, you're not dating much.
Topologically, what you're talking about isn't a hole, it's just an invagination. Oh, wait -- you mean *those* holes. OK, then I agree.
Good point. Also, if your Wii has a camera attached, hackers could watch your camera, and trigger your Wii controller to vibrate at precisely the right time to frighten your dog into leaping into your grandmother, killing her.
The best way to correct this flaw is to have no grandmothers. I have nothing to worry about.
I have freaks! I did something right...
It can't have holes!
Opera is not responsible for the state of its users.
KFG
Web Browser receives patch, news at 11!
Also, what I had for breakfast today, stay tuned for my full report, right after these messages!
It helps illustrate how untrustworthy proprietary software is by default and why you should not promote or run proprietary software. How many other things are proprietors leaving out of their changelogs (assuming they publish them at all)? With free software you don't have to guess because you're given the freedoms you need to do the work yourself or get someone else to help you.
Users deserve software freedom.
Digital Citizen
Security through obscurity? Does not apply. It would be if the vendor had not fixed the problem and was relying on obscurity of the bug to protect users. Instead they fixed the bug. Sounds like Security Through Fixing It; not as great as Secure By Design though.