This article is more than 1 year old
Opera in fresh browser security drama
Soap Opera as browser slip ups crop up, again
Opera today released a fix for a serious security flaw with its browser which could let crackers load and execute malicious code on victim's PCs.
The vulnerability, which involves both version 6.x and 7.x of the browser, revolves around incorrect handling of very long filenames in the Opera's Download Dialog box.
"This allows a malicious Web site to create a filename that causes a buffer overflow which can be exploited to execute arbitrary code," an advisory by security outfit Secunia explains.
"Exploits are in the wild for Windows," it warns.
A Download Dialog box can be spawned automatically, without user interaction, so the exploit is far more likely to trap unwary users. Secunia describes the risk as "extremely critical", with good reason.
Just as well than that Opera has promptly provided a fix (available here), within a day of the publication of Secunia's alert.
Opera users are strongly urged to upgrade to version 7.03 of the browser.
News of the Secunia vulnerability comes a month after another serious vulnerability with Opera 7, involving the browser's Java console, was plugged.
For many years Opera has had an impressive record for browser security. Even though Opera Software has responded with admirable speed to problems with its latest browser this enviable reputation must now be considered at risk, particularly if further problems emerge. ®