ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Opera updates browser to plug security holes

Patrick Gray ZDNet Australia

Published: 24 Nov 2003 09:25 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A new version of Opera, released on Friday, fixes two vulnerabilities in the popular Web browser.

The vulnerabilities, disclosed to the BugTraq security mailing list over the weekend, allow rogue Web sites to take control of a victim's computer by exploiting weaknesses in the way the browser handles skin files.

An advisory, written by Jouko Pynnönen of Finland, describes scenarios which would allow an attacker to seize control of systems running Opera, all of which require some degree of user interaction to be successfully exploited.

"In order to be exploited, these vulnerabilities require the victim to visit a Web page created by a malicious user," he wrote.

While Pynnönen says one vulnerability affects Windows systems only, the second, buffer overflow vulnerability will allow an attacker to take control of Linux-based systems.

"The directory traversal problem doesn't exist on Linux... Other versions weren't tested," the advisory read. "[However] the buffer overflow can be produced on Linux, too."

A new version of Opera is available here.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
50 out of 99 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

C#, VB.Net Web sites / applications. ASP.Net, Flash, AJAX. to 34,000

ASP.Net developer with Flash, Flex or Silverlight is required by niche software consultancy, that develop a unique web base software application ...

Security Consultant - Immediate start

The desired candidate will have the following skillset: * Network Vulnerability Internal & External Testing * Configuration of Cisco switches / ...

IT Project Manager - IT Development Projects Oxfordshire REF: 2068

Services group is responsible for the creation, development and ongoing managed service delivery of innovative online marking services and online ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Google sponsors open source security p...

Google has announced it is to sponsor oCERT, an open source computer emergency response team. In a blog post on Monday, Google security engineer Will Drewry said that one of the... More

Post a comment

Indian officials accuse China of cyber...

China is actively engaged in mapping India's computer networks, according to the Times of India. China is mounting "almost daily" attacks against Indian Government computer systems,... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation