Norway-based Opera Software has rushed out new versions of its alternative Web browser products to plug “highly critical” security flaws that could lead to system takeover.
The security vulnerabilities, which affect both Linux and Windows systems, were detected in the way the Opera browser handles skin files. It is the third time this year that Opera has issued major updates to fix security issues.
The Opera updates include a fix for a boundary error in the .ZIP processing feature when skin files are being handled. A successful exploit, which involves tricking a user into visiting a specially crafted Website, could cause a buffer overflow and lead to arbitrary code execution, said Finnish researcher Jouko Pynnonen.
Pynnonen, who was credited with reporting the flaws, also warned of an input validation error in the skin-handling feature that can be exploited to place a malicious file in an arbitrary directory on a user’s system.
Both vulnerabilities affect version 7.22 and prior, Opera confirmed. The company is urging all users to upgrade to version 7.23.
The serious Opera flaws come at a crucial time for the company, which competes directly with Microsoft’s Internet Explorer and the Mozilla Foundation’s Phoenix browser.
The company has made inroads in the mobile sector, rolling out a new platform designed to fully integrate browser technology with applications on handheld devices. It has also scored deals to put a stripped-down browser on mobile devices made by Nokia, Sony Ericsson, Sendo and BenQ.