Opera patches a critical JavaScript flaw

Using a new public tool provided by rival Mozilla, Opera patches vulnerability before it's exploited.

Security vendor Secunia on Wednesday reported a highly critical JavaScript flaw in Opera 9.22 and earlier. Fortunately, Opera already knew about the problem and on Wednesday released a more secure version of Opera, version 9.23. How did it know? The Norwegian browser company said it used a tool that was released during this year's Black Hat USA by rival Mozilla, the makers of the Firefox browser.

According to Secunia, the Opera vulnerability is the result of an unspecified error when processing JavaScript code. The error can produce a virtual function call using an invalid pointer. This can be exploited, tricking a user into visiting a malicious Web site executing arbitrary code.

At Black Hat, Mozilla's Window Snyder told me that both Apple and Microsoft were also given copies of the Mozilla JavaScript fuzzer as early as May. No word yet whether Apple or Microsoft has used the tool on their own Internet browsers.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Delete your photos by mistake?

    Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.