Serious Security Hole in Opera Browser

Opera is one of the really good browsers out there. It has many built-in capabilities, such as managing chat sessions on IRC, reading RSS feeds and working with browsing sessions, on top of a common tabbed interface and a state-of-the-art UI.

The browser has a serious and simple security hole that makes it possible to cause a buffer overflow by setting a particular header length for any HTTP packet. The exploit causes Opera to crash. The hack was discovered by Marcin Ressel, who is an author at hackown.

The vulnerability is caused due to an error when processing HTTP responses having a malformed “Content-Length” header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit “Content-Length” value, having the higher 32-bit part negative.

[ Source ]
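The quoted description turns on how a 64-bit length is interpreted. The C code below is an added example, not Opera's code and not taken from the advisory: `naive_split` (hypothetical) shows how such a value looks when its 32-bit halves are read separately, and `parse_content_length` (hypothetical, with an assumed 64 MiB cap) is a strict parser that rejects it. The sample header value is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY_BYTES 67108864ULL  /* assumed policy cap: 64 MiB */

/* Careless handling: parse as 64-bit, then treat the halves separately.
 * A check on the low half alone sees a small, plausible size. */
static void naive_split(const char *value, int32_t *hi, uint32_t *lo)
{
    uint64_t n = strtoull(value, NULL, 10);  /* no digit or range checks */
    *hi = (int32_t)(n >> 32);                /* 0xFFFFFFFF reads as -1 */
    *lo = (uint32_t)n;                       /* upper 32 bits dropped */
}

/* Hardened parse: decimal digits only, bounded by policy.
 * Returns 0 and stores the length on success, -1 on any violation. */
static int parse_content_length(const char *value, size_t *out)
{
    uint64_t n = 0;
    if (value == NULL || *value == '\0')
        return -1;
    for (const char *p = value; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return -1;                       /* rejects signs, spaces, hex */
        n = n * 10 + (uint64_t)(*p - '0');
        if (n > MAX_BODY_BYTES)
            return -1;                       /* checked per digit, so n never wraps */
    }
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed sample: 2^64 - 2^32 + 1024 = 0xFFFFFFFF00000400 */
    const char *sample = "18446744069414585344";
    int32_t hi; uint32_t lo; size_t len = 0;
    naive_split(sample, &hi, &lo);
    printf("naive: hi=%d lo=%u\n", (int)hi, (unsigned)lo);
    printf("hardened: %d\n", parse_content_length(sample, &len));
    return 0;
}
```

Validating the whole value before any size arithmetic or allocation is the point: the length is either a bounded `size_t` or the response is rejected.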

According to current reports, only version 10.5 of the browser is vulnerable to this type of attack. The attack, though, has no other impact than crashing the browser. The solution to the crash is to enable DEP, which prevents buffer overflows in software.

This bug was discovered at Vupen Security, and they claim that the hack can be used to remotely execute malicious code and use remote computers as botnets, which is quite contrary to what Opera officials are claiming.

Published by Chinmoy Kanjilal


  • Opera is really a good browser. But I still think that Mozilla is a lot better. Firefox is just loaded with a lot of things and has good security features too. It doesn't have many security problems either.

    • Well, Firefox has as much security trouble as Opera or in other words Opera is as secure as Firefox (if not more).

      Anyway, regarding this issue: expect an official update from Opera soon. They have already stated that it's not exploitable, but will issue a proper formal update soon.