Critical security hole in Opera disclosed

Posted on Tuesday, October 18 2011 @ 22:08 CEST by Thomas De Maesschalck
H-Online reports a critical security hole in Opera's browser has been made public by security expert José A. Vázquez. The security flaw is caused by a memory bug when processing SVG content within framesets, Opera users can be infected by visiting a compromised website. Vázquez says he notified the Opera developers about the hole one year ago, by making the discovery public he's forcing them into action.
Vázquez says that he found the hole and notified the developers with a proof of concept a year ago. However, the expert said that Opera decided not to close the hole.

Vázquez thinks that the Opera developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, Vázquez has adapted the exploit for the current version 11.51 of Opera and has released it as a Metasploit module. This means that, in principle, anyone can now exploit the vulnerability.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments