
July 3rd, 2008

Opera patches serious code execution flaw

Posted by Ryan Naraine @ 11:11 am

Categories: Patch Watch, Zero-day attacks, Browsers, Vulnerability research, Responsible disclosure, Botnets, Exploit code, Data theft, Pen testing, Firefox, Arbitrary Code Execution, Malware

Tags: Opera Software, Patch Management, Flaw, Security Statu, Security, Ryan Naraine

Opera Software has joined the list of browser vendors shipping fixes for serious remote code execution vulnerabilities.

The company’s new Opera 9.5.1 patches at least four security issues, the most serious being a flaw reported by Microsoft’s Billy Rios that could be used to execute arbitrary code.

Opera is withholding details on the high-risk flaw until a later date but, with Rios involved, it’s probably a safe bet this is a URI-handler flaw that could be exploited if a user is tricked into clicking on a rigged Web site. Rios and my blogging colleague Nate McFeters have spent the better part of the last year warning about serious URI-handler security issues.

From the Opera 9.5.1 changelog:

  • Fixed an issue where <canvas> functions could reveal data from random places in memory, as reported by Philip Taylor. See our advisory.
  • Fixed an issue that could be used to execute arbitrary code, as reported by Billy Rios. Details will be disclosed at a later date.
  • Security status is now correctly set when navigating from HTTP to HTTPS.

The browser refresh also corrects an issue related to OCSP and CRLs that would lower security.

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the world. See his full profile and disclosure of his industry affiliations.
