Opera Security Patched In Secret 88
An anonymous reader writes "Opera 9.10 released in December seemed to be a rather cosmetic update. But as heise Security reports, behind the scenes Opera patched two remote code execution holes — neither of them mentioned in the changelog. In addition, Opera rates an exploitable heap overflow as 'moderate' because it is 'not trivial to exploit it reliably'. From the article: 'JPEG images can be specially prepared to cause a buffer overflow on the heap. Even though Opera suggests in the heading to its security notice that this problem only causes the browser to crash, the flaw can nonetheless be exploited to inject and execute code. Security service provider iDefense, which reported the hole to Opera, has confirmed this. The same holds true for a flawed type conversion in the JavaScript support for Scalable Vector Graphics (SVG). Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights.'"
Re:But Opera is perfect! (Score:2, Funny)
OMG (Score:2, Funny)
they would be 100% honest with us
Re:But Opera is perfect! (Score:3, Funny)
Topologically, what you're talking about isn't a hole, it's just an invagination. Oh, wait -- you mean *those* holes. OK, then I agree.
Re:Wii (Score:5, Funny)
The best way to correct this flaw is to have no grandmothers. I have nothing to worry about.
Re:But Opera is perfect! (Score:2, Funny)
Opera is not responsible for the state of its users.
KFG
Sloooow New Day, huh (Score:1, Funny)
Also, what I had for breakfast today, stay tuned for my full report, right after these messages!
You deserve to control your computer. (Score:4, Funny)
Users deserve software freedom.
Re:Yea, What He Said??? (Score:4, Funny)