SubscribeRSS Feed

New Opera 9 ‘exploit’ un-exploitable, according to Opera

Comments
 Published June 23rd, 2006 10:03 AM EDT By Daniel Goldman

It didn’t take long for a public ‘exploit’ of the new browser, Opera 9, to be made public.

The exploit, or rather a proof of concept, was discovered by researcher Povilas Tumėnas, and posted online the day after Opera 9 was released. According to the researcher the ‘exploit’ can be used to create an out-of-bounds memory access.

I’ve seen and tested this ‘exploit’. The browser crashes when a page containing the ‘exploit’ is loaded.

Opera has already analyzed it, an Opera official told Opera Watch. “It is absolutely un-exploitable.”

“The reporters didn’t bother contacting us first to discuss it (which is standard practice for security researchers) or we could have informed them that Opera crashes reading memory, not writing, and thus it’s guaranteed to be a harmless crash.”

This problem still exists with the new Opera 9.01 weekly build that was released today. I’ve been told that it will be fixed in an upcoming browser update.

If you enjoyed this post, then make sure you subscribe to my RSS Feed.

Comments :: Post a Comment
« The new Opera slogan: your web, your choice
Slashdot interviews Håkon Wium Lie, Opera CTO and Father of CSS »

7 Comments

Feed for this Post
  1. 1 Ramunas Jun 23rd, 2006 at 11:32 am
    using Opera Opera 9.00 on Linux Linux

    Its not so dangerous, but still i’d like it ot be fixed.

    Good job Lithuanian hackers, keep searching for bugs in Opera.

  2. 2 Daniel Goldman Jun 23rd, 2006 at 11:40 am
    using Opera Opera 9.00 on Windows Windows 2000

    Good job Lithuanian hackers, keep searching for bugs in Opera.

    But do it the right way. Inform Opera of the exploit before making it public.

    Opera will still give you the credit with finding the exploit, you just need to give them a bit of time to fix it (if it’s in fact a real exploit).

  3. 3 Ramunas Jun 23rd, 2006 at 11:55 am
    using Opera Opera 9.00 on Linux Linux

    I’ll try to contact them and let them know.

  4. 4 Jakub81 Jun 23rd, 2006 at 2:26 pm
    using Opera Opera 8.54 on Windows Windows XP

    Bad job lame Lithuanian hackers, you should have inform Opera about it first, not wait until 9.0 release to get a bit of publicity.

  5. 5 Ramunas Jun 24th, 2006 at 3:40 am
    using Opera Opera 9.01 on Linux Linux

    Well they only found this when 9 was released, it doesn’t affect previous versions. 8.54 is safe

  6. 6 Amen Jun 27th, 2006 at 2:22 pm
    using Opera Opera 6.31 on SonyEricsson SonyEricsson P800

    An update to Opera just a week after the v.9 release? Well, it’s a good thing, if the update is better than the previous version. It’s a bad thing only if you think marketing is all about full and round numbers…

  7. 7 mac Jul 24th, 2006 at 5:41 am
    using Internet Explorer Internet Explorer 6.0 on Windows Windows XP

    It is absolutely un-exploitable.Opera has brought a new change for itself.Bheeeee

About this blog


Opera Watch, an Opera browser blog, is run by Daniel Goldman, who used to work for Opera Software as a Technical Evangelist.

Subscribe

Subscribe to Opera Watch, and stay in touch with the latest Opera browser buzz.

Opera Mini

Get Opera Mini

View this page in Opera Mini

Opera Mini demo

Opera Tips

(More opera tips)

Search Opera Watch

Note: I encourage you to copy and translate my blog posts to your non-English blog. Do you have an Opera blog (with more than 90% of the content Opera-related)? Let me know and I'll add it to the list above.

About Opera


Q: What is Opera?
A: Opera is one of the most powerful Web browsers around. A Web browser is the program that allows you to view Web pages. Opera is well known for innovation for PC browsers and bringing the full web to mobile phones and devices.

Q: Is Opera free?
A: Absolutely free.

Q: Why should I download a browser? Doesn't my computer already come with one for free?
A: It's about getting more out of the time you spend on the internet. Opera is designed to be much faster than these browsers and gives you powerful features that the default browser lacks. Default browsers like Internet Explorer are also more likely to be subjected to dangerous software such as viruses and spyware.

Q: Will Opera keep me safe from fraudulent websites and malicious hackers?
A: According to Secunia, a respected firm that tracks security in browsers, Opera has the best reputation and track record when it comes to browser security. Keeping our users safe from security vulnerabilities, fraudulent websites, and malicious hackers is a top priority for Opera. Opera is maintained by hundreds of engineers, developers and security experts who are constantly looking to make the browser even safer.

Q: Doesn't Opera copy all of their features from other browsers?
A: Absolutely not. In fact, many of the features that are popular in other browsers today were invented and pioneered by Opera a long time ago. Opera invented the precursor to tabs (in 1994), Page Zoom (1994), was the first browser to block pop-up ads (2000), first to add a Search field in the browser toolbar (2000), Sessions (1996), deleting private data (2000), Mouse Gestures (2000), User JavaScript (2005), BitTorrent support (2005), Widgets (2006), Speed Dial (2007), and much more.

Q: Does Opera support extensions, such as those found in Firefox?
A: Much of the functionality provided through Firefox extensions is already built directly into Opera, so you don't have to download additional extensions in Opera. In addition, Opera is highly customizable and supports all standard plug-ins.

Q: Can I also use Opera on my mobile phone?
A: Yes. And your Nintendo Wii, Nintendo DS or almost any connected device and mobile phones. Opera Mobile oftens comes preinstalled from the manufacturers, but if it doesn't you can install Opera Mini which runs on nearly all phones.

Q: This all sounds great, so how do I download Opera?
A: -- Opera on your computer
-- Opera Mini on your phone
-- Opera Mobile on your phone
-- or learn more about Opera at www.opera.com