RealTime IT News

Opera Rushes Out Another Security Fix

Alternative Web browser firm Opera has rushed out a new version to plug "extremely critical" security flaws that lets intruders load and execute malicious code on vulnerable machines.

For the second time in as many months, Norway-based Opera Software was forced to push out a new version of its Opera 7 browser because of issues surrounding security. The latest bug, which affects both versions 6.x and 7.x, was detected in the browser's handling of filenames when showing the "Download Dialog" box.

"The problem is that very long filenames are handled incorrectly. This allows a malicious website to create a filename that causes a buffer overflow which can be exploited to execute arbitrary code," according to an alert from IT security services firm Secunia.

In releasing the new Opera 7.03 version, the company confirmed the Secunia findings.

Secunia warned that exploits for the vulnerability are in the wild for Windows, noting that "exploitation does not require user interaction as Web sites can spawn the "Download Dialog" automatically."

Just last month, Opera confirmed five security holes in its flagship browser, three of which were considered "critical."

In conjunction with the security fix in version 7.03, the company announced the launch of its Opera for Higher Education Program, an initiative that allows schools to register multiple licenses at reduced prices.

Opera, which sells an ad-free version of the browser for $39, said the program is a hit with big-name schools like the Massachusetts Institute of Technology (MIT) Media Lab, Harvard Law School's Berkman Center, the University of Illinois in the United States; the University Of Darmstad and the University of Cologne, both in Germany; and the University of Cardiff, Wales.

Like many others in the technology space, most noticeably Microsoft and Sun Microsystems, Opera is cozying up to the educational institutions to win adoption for its browser, with competes directly with Microsoft's Internet Explorer, AOL's Netscape and the open-source Mozilla project.

Opera said the University of Illinois at Urban-Champaign had already deployed more than 40,000 licenses and described the reception by the educational community as "absolutely fabulous."

"Many institutions are relieved to finally be able to deploy a good browser alternative campus-wide," said Mary Lambert, Opera's product line manager desktop.

The Opera for Higher Education Program lets universities and colleges register and use the browser ad-free for as little as $1.00 per license compared to the $39 regular license price. Opera is available for free in an ad-supported version.