Friday, April 30, 2010

Opera is vulnerable

Vulnerability intelligence vendor Secunia warns that a highly critical remotely exploitable vulnerability has been identified in the recently released Opera 10.52. The browser developer has patched the potential arbitrary code execution flaw in Opera 10.53.

The issue was identified by a programmer named Mathias Karlsson, who was investigating a stack exhaustion bug in WebKit, the popular rendering engine used by Safari, Chrome and other browsers. "The script simply fills the DOM document with tags and within seconds, causes both Safari and Opera to crash. […] Opera does not run WebKit but it turned out that the exploit made it crash for other reasons," the researcher writes on his blog, where an exploit is also available.

"The vulnerability is caused due to an error when e.g. continuously writing content to a page using document.write() and results in a function call using uninitialised memory when a user visits a specially crafted web page," explains Secunia. The company attributed a severity level of "highly critical" to the vulnerability, because successful exploitation may allow for arbitrary code to be executed on the system.

Opera acknowledged the existence of an issue in the release notes accompanying Opera 10.53 RC1, which became available to users yesterday. However, the browser developer does not confirm the critical impact of the bug and only refer to it as a "possible" vulnerability. "A crash was reported as a security issue yesterday, and we are still investigating the issue. However, we do have a fix ready for testing already," the company said.

Even though at the time of writing this article, there was no official announcement yet, the final builds of Opera 10.53 for Windows and Mac have appeared on the official FTP servers. In addition, Karlsson advises Safari users to stop using the browser until the problem is thoroughly investigated and points out that this WebKit bug cannot be exploited in Chrome, due to its sandboxing model.

Taken from : http://news.softpedia.com/news/Highly-Critical-Vulnerability-Discovered-in-Opera-140962.shtml