Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 23rd, 2008

Critical Flaws Patched In Opera 9.61, New Zero-day Vulnerability Remains Unpatched

In the new Opera 9.61, the browser's makers corrected an issue where History Search could be used to reveal browser history (rated extremely severe). Also fixed: a Fast Forward bug that allows cross-site scripting (highly severe) and an information disclosure flaw in news feeds (also highly severe). On the same day that Opera shipped the browser update with patches for these three separate security vulnerabilities, hackers were already discussing a new zero-day flaw that exposes Windows users to remote code execution attacks.

A public discussion on the Full Disclosure mailing list exposed a zero-day vulnerability that could lead to cross-site scripting and even remote code execution attacks. The discussion began with an advisory by Roberto Suggi on the History Search bug fixed in Opera 9.61, but quickly expanded to raise the possibility of code execution attacks.

Within hours, researcher Aviv Raff discovered a way to execute code remotely and released a harmless proof-of-concept exploit that launches the Windows calculator. Currently, a separate exploit exists that launches harmful code remotely against fully patched versions of the Opera browser.

Until Opera can fix this new issue, users are strongly urged to consider a different browser or avoid clicking on links on untrusted Web pages.
