Security Flaw Discovered in Opera

Marcin Ressel, Security Researcher at VUPEN Security, revealed a security flaw in Opera browser on March 4, 2010. Ressel added that the flaw existed in Opera version 10.50 and earlier running on Windows XP SP3, as reported by VUPEN Security on March 4, 2010. Apart from version 10.50, other Opera versions running on Windows might be vulnerable to the flaw.

Security companies such as SANS and Secunia also released advisories about the flaw in which they rated it as "highly critical." The flaw could let an attacker run malware on computers, they explained.

Describing the problem in detail, the security researchers stated that when an error occurred during the processing of HTTP responses containing a corrupt header labeled "Content Length," it resulted in the vulnerability. If remote hackers exploited the flaw, it could lead to the browser's crash down or enable the execution of arbitrary code after duping an end-user into going to web-page hosted on a malicious server.

With the vulnerability becoming public, Thomas Ford, Opera Spokesman, stated that the company was sure that the flaw resulted in a crash down. However, the flaw, if exploited for code execution, was very hard though not impossible, said Ford, as reported by TheRegister on March 5, 2010.

Furthermore, the spokesman said that users should ensure that the 'Data Execution Prevention' (DEP) security feature was enabled. DEP aided in avoiding damages from security threats like viruses as it kept watch over the applications to ensure that they safely utilized system memory. According to Ford, when Opera conducted tests, it found that DEP lessened the problem; therefore it should safeguard the computer.

Besides, the researchers advised Web-surfers that they should avoid browsing unreliable sites and do not click on unreliable links since a patch for the flaw wasn't yet available.

Meanwhile, a security flaw in Opera isn't something new. During 2007, the browser had a vulnerability with which hackers could launch cross-site scripting assaults. Secunia, the discoverer of that flaw, disclosed that for its effective exploitation, users should be made to access a malware ridden website.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 3/15/2010