Opera issued an advisory this week for its eponymous browser detailing a flaw in the way the software handles long links--a vulnerability that could be exploited to run programs on a victim's system.
The patch is a relative rarity for Opera, which consistently has the lowest vulnerability count every year, but also has the lowest market share among the major Internet browser for the Windows operating system. The Opera browser had 7 documented vulnerabilities in the first half of 2006, compared to 47 for Mozilla's Firefox and 38 for Microsoft's Internet Explorer, according to Symantec's Internet Security Threat Report. (SecurityFocus is owned by Symantec.)
Security firm iDefense Labs, a subsidiary of VeriSign, reported the flaw to Opera.
"Successful remote exploitation allows an attacker to execute arbitrary code with the privileges of the logged in user," the firm said in an advisory released this week. "A failed exploitation attempt may result in the browser crashing."
Browsers have become a major target of online attacks in the past two years, a trend that Opera's software has largely escaped. Microsoft's Internet Explorer has been targeted by zero-day attacks using previously unknown flaws in the browser. On Wednesday, Microsoft released its most security-focused browser to date, Internet Explorer 7.
There is no known workaround for the Opera issue. Opera recommends that users of its browser upgrade to version 9.02, which does not have the flaw.
Posted by: Robert Lemos