http://www.theregister.co.uk/content/55/33539.html
By John Leyden
Posted: 22/10/2003
Opera users are advised to update their browser software following the
announcement of a potentially serious security problem this week.
Vulnerable versions of the Opera browser (prior to v7.21) are subject
to a heap buffer overflow vulnerabilities that can cause the browser
to crash when rendering certain HREFS.
Security consultancy @stake, which discovered the problem, warns that
the flaw could be exploited to execute arbitrary code on vulnerable
systems.
The Opera mail system is also potentially vulnerable.
Opera has released version 7.21 (available here) of its browser to fix
the problem.
Exploit scenarios for the vulnerability – tempting users to visit a
maliciously constructed website containing the problematic HTML or
sending same messages containing the same exploit – will be all too
familiar to long-suffering IE users, even if they're unfamiliar to
Opera fans.
Although Opera is not without its vulnerabilities, the browser remains
far less subject to flaws than IE.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn'
in the BODY of the mail.
Received on Oct 23 2003
Intro
