This article is more than 1 year old
Opera in minor security drama
It ain't over till the buffer overflow is fixed...
Opera users are advised to update their browser software following the announcement of a potentially serious security problem this week.
Vulnerable versions of the Opera browser (prior to v7.21) are subject to a heap buffer overflow vulnerabilities that can cause the browser to crash when rendering certain HREFS.
Security consultancy @stake, which discovered the problem, warns that the flaw could be exploited to execute arbitrary code on vulnerable systems.
The Opera mail system is also potentially vulnerable.
Opera has released version 7.21 (available here) of its browser to fix the problem.
Exploit scenarios for the vulnerability – tempting users to visit a maliciously constructed website containing the problematic HTML or sending same messages containing the same exploit – will be all too familiar to long-suffering IE users, even if they're unfamiliar to Opera fans.
Although Opera is not without its vulnerabilities, the browser remains far less subject to flaws than IE. ®