Zero-Day Vulnerability Found in Opera 11.51

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
H Security said:
Security expert José A. Vázquez has released details of a critical security hole in the Opera browser that can be exploited to inject malicious code. Vázquez says that he found the hole and notified the developers with a proof of concept a year ago. However, the expert said that Opera decided not to close the hole.

Vázquez thinks that the Opera developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, Vázquez has adapted the exploit for the current version 11.51 of Opera and has released it as a Metasploit module. This means that, in principle, anyone can now exploit the vulnerability.

The hole is caused by a memory flaw when processing SVG content within framesets. Simply visiting a compromised web page is enough for a system to become infected with malicious code. Vázquez said that the exploit is successful in 3 out of 10 cases. With the pre-alpha version of Opera 12, the exploit managed to inject malicious code in 6 out of 10 cases.

By releasing the exploit, the security expert is forcing the browser developers into action. Opera will now have to respond in order to avoid exposing browser users to a virus threat for longer than is absolutely necessary. On their security blog, the Opera developers have so far not responded to the issue.

via H-Security
 

Deleted member 178

some developers don't like to admit they failed in security...ego...ego...
 

win7holic

New Member
Apr 20, 2011
2,079
I have never used Opera since I first touched a computer.
I really don't like it. No reason why I don't like it.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
There is a critical security hole in the Opera browser... Not really 'big news'... what should really be pointed out here is that the Opera Team has known about this security hole for more than 1 year and didn't do anything to prevent an attack.
Even if an exploit was highly unlikely, the Opera developers should have fixed this problem...
 

Hungry Man

New Member
Jul 21, 2011
669
Lol Opera. This is pretty bad. I've never seen a Firefox or Chrome vulnerability last for more than a few months after they've known about it.

But Opera's the weakest browser for security anyways.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Jack said:
There is a critical security hole in the Opera browser... Not really 'big news'... what should really be pointed out here is that the Opera Team has known about this security hole for more than 1 year and didn't do anything to prevent an attack.

No, the bigger news here is that a so-called security expert was so annoyed that something he reported wasn't getting fixed, that he released the exploit himself... :huh:

Sure, getting even proof-of-concept exploits fixed is always preferable, but to go as far as actually releasing the exploit at the expense of untold numbers of innocent users is just inexcusable. :mad:

That's a bit like a secret service agent pointing out a way to kill a world leader, and when nothing comes of his suggestion, he kills the leader himself to show that it could be done. :vinsent:
 

Hungry Man

New Member
Jul 21, 2011
669
This happens all of the time. He was right to release it.

This was absolutely NOT a case of an irresponsible researcher releasing a vulnerability too soon. He gave Opera ample warning and time to patch it AND THEN SOME. Over a year... come on.

He did exactly what he was supposed to do.
 

Hungry Man

New Member
Jul 21, 2011
669
He did not release malware... he didn't exploit anyone's browser. He let the world know that the exploit is there and that Opera is ignoring it.

That's what you're supposed to do. You give ample and responsible time to the company to patch and afterwards you release the exploit. If they never patch it you release it so they get their asses in gear.

This is common practice.
 

eXPerience

Level 1
Mar 7, 2011
248
This is weird, Opera is normally the fastest of all browsers to patch a security hole. (But I guess with its fast cycle Chrome is faster nowadays.)

eXp
 

eXPerience

Level 1
Mar 7, 2011
248
It's patched. In less than a week, Opera 11.51 has been updated to the 11.52 version, which covers the patch. Read more about it here

eXp
 

Hungry Man

New Member
Jul 21, 2011
669
"in less than a week"

Not quite.

It's been over a year. They only released a patch now that the threat could be implemented in the wild.

As I said, this is how to get things done.
 

eXPerience

Level 1
Mar 7, 2011
248
It actually was in less than a week after the threat was reported/reproduced.

[snip]
About 6 months ago (in April 2011), we were contacted by a security research group, on behalf of a researcher, giving details of a handful of bugs and issues that could be demonstrated in old releases of Opera. We confirmed most of these in the then-current releases and fixed the exploitable ones. These fixes were released in a regular security update, Opera 11.11.

We passed these details back to the research group, asking for more details about the remaining issue that we could not reproduce, despite extensive testing, in the then-current Opera release. Among other things, we asked if there was a known way to reproduce it in then-current Opera releases. No further information could be obtained.
[snap]
So all that guy did was produce a (new?) exploit in the wild instead of contacting/reacting to Opera's question for more information... That's putting people at risk for some personal gain if you ask me.

In any case, it's good that it's fixed now.

eXp
 

Hungry Man

New Member
Jul 21, 2011
669
I'd have to hear more details to know. I tend to side with the security researchers on these things but Opera could certainly be on the right side of things.

I believe the security researcher said that he could not reproduce the exploit in the latest version without some modification and that he had shown this to them.

I agree, what's important is that it got patched.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Hungry Man said:
He did not release malware... he didn't exploit anyone's browser. He let the world know that the exploit is there and that Opera is ignoring it.

There are better ways to let the world know Opera is(?) ignoring an issue than publicly releasing details of an exploit. That is as good as releasing malware, because you can pretty much guarantee someone is going to jump on it and try to utilize the exploit before it's fixed.

Like I said, it's always nice to have even proof-of-concept exploits fixed, but to strong-arm a developer to make a fix by potentially putting people at risk isn't the way I would expect any responsible security expert to act.
 
