MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
Welcome to MSMVPS.COM Sign in | Help
in Search
Home Blogs Media Groups

Harry Waldron - Microsoft MVP Blog

Security News and Best Practices for corporate and home users

Opera 9.0 - New HTTPS vulnerability

A new vulnerability for the Opera browser has been identified. Opera users should look for an upcoming update, as the folks from Norway will most likely fix this promptly.

Opera 9.0 - New HTTPS vulnerability
http://www.frsirt.com/english/advisories/2006/2987
http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html

Advisory ID : FrSIRT/ADV-2006-2987
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-26

Technical Description: A vulnerability has been identified in Opera, which could be exploited by remote attackers to crash a vulnerable browser or potentially take complete control of an affected system. This flaw is due to a memory corruption error when processing a CSS "background" property containing an overly HTTPS URI, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a specially crafted Web page.

Affected Products: Opera version 9

Only published comments... Jul 26 2006, 06:31 PM by Harry Waldron

Leave a Comment

(required) 
(optional)
(required) 
Submit

This Blog

Syndication

Recent Posts

Archives

Personal Links


Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems