Opera hit by buffer overflow glitch

By John Leyden → More by this author

19 Oct 2006 16:17

Big links crash browser

Opera users are being urged to upgrade to a new version of the browser following the discovery of a potentially serious security bug.

The flaw means that vulnerable versions of the browsers will crash when visiting maliciously constructed web sites containing overly long (more than 256 bytes) URLs. Successful exploitation of this heap-based buffer overflow flaw creates a means for hackers to load malware onto the machines of visiting surfers.

The vulnerability affects versions 9.0 and 9.01 of Opera on Windows and Linux. Version 8.x of the browser software is not at risk to this particular flaw but rather than downgrading a better solution is to upgrade to version 9.02, as explained in Opera's advisory here. Opera described the flaw, discovered by security researcher firm iDefense, as "moderate". ®

Track this type of story as a custom Atom/RSS feed or by email.

Torrent overflows Opera (23 May 2007)
Firefox hands out cookies from strangers (15 February 2007)
IE and Firefox cough up hard drive contents (13 February 2007)
IE7 unleashed (19 October 2006)
IE market share: What's going on? (12 October 2006)
Firefox 2.0 RC1 unveiled (27 September 2006)
Hackers target home users for cash (25 September 2006)
Opera 10 roadmap charts cross-platform support (31 July 2006)
Opera 9 is go (21 June 2006)
Opera *nixed by security bug (24 November 2005)
Opera tunes up to overtake Firefox (30 September 2005)