'Critical' BitTorrent flaw hits Opera

A 'highly critical' vulnerability has been found in the Opera web browser which could be exploited to remotely compromise a user's system. The flaw is caused when Opera uses already freed memory to parse BitTorrent headers, and can lead to an invalid object pointer being de-referenced.

This can be exploited to execute arbitrary code if the user is tricked into clicking on a specially-crafted BitTorrent file and then removes it from the download pane by right-clicking. The vulnerability is reported in version 9.21 of Opera on Windows, but security monitoring website Secunia, which rated the flaw 'highly critical', said that other versions may also be affected. The problem can be fixed by upgrading to Opera 9.22.

View: The full story
News source: vnunet

Report a problem with article
Previous Story

AMD halted market share slump in Q2, says analyst

Next Story

LG Unveils Second-Generation Super Multi Blue Drives

22 Comments

Commenting is disabled on this article.

And more proof that as users migrate from IE to FF to now Opera and Safari, well we will begin seeing plenty of security holes in Opera and Safari. And by knowing that, shockingly it doesn't matter which browser you use anymore! (or soonish anyways).

And how do you know that? Safari uses KHTML engine while Opera uses it's own proprietary one (core-2 for the moment). Browser with least security holes discovered is Opera.

Actually Konqueror which is less popular than Opera and runs exclusively on Linux is actually less secure than Opera. Your theory is correct but Opera will still be very secure no matter how popular it gets.

Love opera! I use 9.22 already, by the time they find an exploit its already fixed.

Opera 9.22 = 0 known security holes

Part of the reason I quit using Opera was them starting to add dumb stuff like this. Loosing it's nice small size, slowly but surely. Still not a huge program for sure, but.................................

Really stinks too. I had used Opera as my default browser since early version 5 days. Now I can't stand how herky jerky it loads stuff and how many site are not compatible with it.

by herky jerky i would have to assume you mean flash (the superhero) fast because have you compared the herky jerkyness to ie or firefox hmmmm

and the blame for the site incompatibility would lie on that of the sight which in all likelyness was designed to cater for ie and firefox

Yet it still starts faster than Firefox, is the browser with least security holes, has the most features, is very customizable, eats less memory than FF, renders pages faster etc etc. There are very few sites where I run into problems with Opera these days.

Only features missing from Opera's BitTorrent implementation:

1. DHT/Azureus DHT.
2. NAT Traversal.
3. Encryption support to boost speeds and avoid discrimination by ISPs.
4. Individual File download / exclusion feature.

I'm a loyal Opera and Azureus user, and adding the above bittorrent features would put Opera on par with Azureus' core functionality.

Considering Opera doesn't have anywhere near as many users as IE or FF this flaw will propably not even be exploited. Still, pretty nice that a flaw is in news AFTER it has been already fixed. ;)

I haven't bothered with the BT capability in Opera because it simply isn't as fast, feature packed and convenient than something like µTorrent. Like already mentioned, it's more like BT for the occasional user and I think it works fine for that.

I'm eagerly waiting for the first public build of Opera 9.5.

LaXu said,
Considering Opera doesn't have anywhere near as many users as IE or FF this flaw will propably not even be exploited. Still, pretty nice that a flaw is in news AFTER it has been already fixed. ;)

don't forget that they are quite quick in fixing their flaws.... currently secunia reports 0 Secunia advisories unpatched

That's because Opera is an internet suite, a bit like the old Mozilla (or even Netscape) Suite back in the days. It's not just a web browser.

^ That's true, although these days they market it as a "web browser" as people will identify it more as an alternative to those other "browsers" called Firefox and Internet Explorer as opposed to a "suite" like Mozilla.

Perhaps a better term will be "the Opera all-in-one browser."

The problem can be fixed by upgrading to Opera 9.22. (secunia)

By tdzark, # 11. July 2007, 10:04:48 in http://my.opera.com/desktopteam/blog/more-...#comment3150236
if you know and care about multiple connections, eMule, dc++, kademila and half-open connections for your torrent files, Opera's builtin client is probably not for you. It's probably more targeted at your grandma when you send her your new XtremeMac_FunSummer2007.avi.torrent and she click the link from M2 but nothing happens. She just want's the content and doesn't care about technology behind. Then it's good with Opera's inbuilt support.

Look to the right side of the title bar for your post. See those little rounded squares? The purple is Q, the green is R and the orange is E.

Both Q and R can be used to continue a discussion or provide a response to a question in a threaded fashion, so that people can follow your train of thought, and participate in the conversation. You would do well to use them, or you'll end up confusing a hell of a lot of people when your comment is separated from his.

I don't understand why opera even has bittorrent support. There's absolutely no need for it what with utorrent and azareus.

For the same reason as e.g. FTP support so you don't have to roll out your FTP client... They consider it just another file transfer protocol, which it actually is.

i agree with sin-ergy ... theres basically no point in including a bit torrent support in something thats designed to browse the web.

cause all it does is open more ways of attack for people even though since opera is not used by alot of people odds are it wont be exploited in the first place.. but still, all in all it's best to not even have torrent support in a webbrowser.

but i guess either way i dont got crap to worry about since i use firefox as i prefer that more than opera.