Slashdot Mirror


Opera Security Patched In Secret

An anonymous reader writes "Opera 9.10 released in December seemed to be a rather cosmetic update. But as heise Security reports, behind the scenes Opera patched two remote code execution holes — neither of them mentioned in the changelog. In addition, Opera rates an exploitable heap overflow as 'moderate' because it is 'not trivial to exploit it reliably'. From the article: 'JPEG images can be specially prepared to cause a buffer overflow on the heap. Even though Opera suggests in the heading to its security notice that this problem only causes the browser to crash, the flaw can nonetheless be exploited to inject and execute code. Security service provider iDefense, which reported the hole to Opera, has confirmed this. The same holds true for a flawed type conversion in the JavaScript support for Scalable Vector Graphics (SVG). Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights.'"

2 of 88 comments

  1. Problem isn't exactly fixed yet ... by Jammet · Score: 1, Offtopic

    You can still crash Opera 9.1 simply by opening this image:

    http://img206.imageshack.us/img206/5597/img000211uq0.jpg

    Perhaps it is even possible to exploit the problem in one way or another. I've sent that info to Opera's bug-tracking system about a week ago.

    Opera-side discussion for this bug is here:

    http://my.opera.com/community/forums/topic.dml?id=172354&t=1168112391&page=1

    --
    Leopard cub
  2. Re:Not sold as cosmetic by rapidweather · Score: 0, Offtopic

    I have Opera 9.10 in my Rapidweather Remaster of Knoppix Linux, a live CD Linux.
    In addition, I run the browser inside of a "control script" that allows the user to recover if the browser crashes, this being in addition to the normal Opera setup for that purpose. If one closes the browser, the script asks, using a dialog box, if the user wanted to close the browser, yes or no, and if no, then the ~/.opera directory is retained in /ramdisk, and the user gets a dialog box to restart the browser (later, if desired), with the current ~/.opera.

    I like Opera, and have it preconfigured with 12 RSS newsfeeds.
    I trust Opera to do the right thing when it comes to security, although I have added some security of my own.
    Mostly this was done for those that do some online banking, and want to close the browser when finished, but keep the Linux system up and running, perhaps for days. Opera is supposed to be a little lighter to run than Firefox or Flock (especially Flock), so I like to have it in the CD.
    I have Mozilla Firefox 2.0.0.1, and Flock 0.7.9.1, all set up the same way, although Flock does not have any RSS feeds of my own built in. Do some banking, then switch browsers, closing one.

    Once the user decides to finally close Opera, then the entire ~/.opera directory is deleted from /ramdisk.
    Starting Opera once again gets a default ~/.opera placed in /ramdisk, that I have customized.

    In addition to all of that, one can run any of the web browsers without any of my preconfigured ~/.mozilla, ~/.opera, or ~/.flock, using the menu. Then you get the default configuration, according to the web browser maker's setup. Change it to suit yourself, keep that config if you run a "persistent home directory" (OEM Knoppix).

    -- Rapidweather
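
The wrapper behaviour described in the comment above (seed a preconfigured profile into the RAM disk, retain it after an unintended close or crash, delete it once the user confirms the session is over), as an added example that is not Rapidweather's own script. The template path, profile path and the `ASK_CMD` dialog hook are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: throwaway browser profile kept on a RAM disk.
# All names and paths below are assumptions, not taken from the remaster.
TEMPLATE_DIR="${TEMPLATE_DIR:-/usr/local/share/opera-template}"  # preconfigured profile
PROFILE_DIR="${PROFILE_DIR:-/ramdisk/home/knoppix/.opera}"       # live profile in RAM
BROWSER_CMD="${BROWSER_CMD:-opera}"
ASK_CMD="${ASK_CMD:-}"   # optional yes/no dialog command; exit 0 means "yes"

# Seed the profile from the template unless a retained one already exists.
prepare_profile() {
    [ -d "$PROFILE_DIR" ] && return 0
    ( umask 077 && mkdir -p "$PROFILE_DIR" &&
      cp -R "$TEMPLATE_DIR"/. "$PROFILE_DIR"/ )
}

# Delete the profile (cookies, cache, history), refusing dangerous targets.
discard_profile() {
    case "$PROFILE_DIR" in
        ""|/|"$HOME") echo "refusing to delete '$PROFILE_DIR'" >&2; return 1 ;;
    esac
    rm -rf -- "$PROFILE_DIR"
}

# Ask whether closing was intended; "yes" means the session is over.
confirm_close() {
    if [ -n "$ASK_CMD" ]; then $ASK_CMD; return $?; fi
    printf 'Did you mean to close the browser? [y/N] ' >&2
    read -r answer && [ "$answer" = "y" ]
}

# One session: run the browser, then keep or wipe the profile.
run_session() {
    prepare_profile || return 1
    $BROWSER_CMD || echo "browser exited abnormally" >&2
    if confirm_close; then
        discard_profile
    else
        echo "profile retained in $PROFILE_DIR for the next start" >&2
    fi
}

if [ "${1:-}" = "run" ]; then run_session; fi
```

Invoked with the argument `run`, the script performs one session; a retained profile is picked up unchanged on the next start.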