http://www.theregister.co.uk/content/55/33539.html By John Leyden Posted: 22/10/2003 Opera users are advised to update their browser software following the announcement of a potentially serious security problem this week. Vulnerable versions of the Opera browser (prior to v7.21) are subject to a heap buffer overflow vulnerabilities that can cause the browser to crash when rendering certain HREFS. Security consultancy @stake, which discovered the problem, warns that the flaw could be exploited to execute arbitrary code on vulnerable systems. The Opera mail system is also potentially vulnerable. Opera has released version 7.21 (available here) of its browser to fix the problem. Exploit scenarios for the vulnerability – tempting users to visit a maliciously constructed website containing the problematic HTML or sending same messages containing the same exploit – will be all too familiar to long-suffering IE users, even if they're unfamiliar to Opera fans. Although Opera is not without its vulnerabilities, the browser remains far less subject to flaws than IE. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Oct 23 2003 - 03:53:03 PDT