Opera patches a critical JavaScript flaw

Using a new public tool provided by rival Mozilla, Opera patches vulnerability before it's exploited.

Security vendor Secunia on Wednesday reported a highly critical JavaScript flaw in Opera 9.22 and earlier. Fortunately, Opera already knew about the problem and on Wednesday released a more secure version of Opera, version 9.23. How did it know? The Norwegian browser company said it used a tool that was released during this year's Black Hat USA by rival Mozilla, the makers of the Firefox browser.

According to Secunia, the Opera vulnerability is the result of an unspecified error when processing JavaScript code. The error can produce a virtual function call using an invalid pointer. This can be exploited, tricking a user into visiting a malicious Web site executing arbitrary code.

At Black Hat, Mozilla's Window Snyder told me that both Apple and Microsoft were also given copies of the Mozilla JavaScript fuzzer as early as May. No word yet whether Apple or Microsoft has used the tool on their own Internet browsers.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Acer introduces a stackable, modular PC

Acer intros a modular PC; the PS4's next update is a big one; why renting cable boxes is crazy; and Google's war on full-screen mobile ads.

by Jeff Bakalar