Opera patches a critical JavaScript flaw

Using a new public tool provided by rival Mozilla, Opera patches vulnerability before it's exploited.

Security vendor Secunia on Wednesday reported a highly critical JavaScript flaw in Opera 9.22 and earlier. Fortunately, Opera already knew about the problem and on Wednesday released a more secure version of Opera, version 9.23. How did it know? The Norwegian browser company said it used a tool that was released during this year's Black Hat USA by rival Mozilla, the makers of the Firefox browser.

According to Secunia, the Opera vulnerability is the result of an unspecified error when processing JavaScript code. The error can produce a virtual function call using an invalid pointer. This can be exploited, tricking a user into visiting a malicious Web site executing arbitrary code.

At Black Hat, Mozilla's Window Snyder told me that both Apple and Microsoft were also given copies of the Mozilla JavaScript fuzzer as early as May. No word yet whether Apple or Microsoft has used the tool on their own Internet browsers.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Microsoft leaves Apple in the dust with tablet and laptop innovation in 2015

Will there be one Apple Ring to rule them all? That's what a patent application says. Plus, building the thinnest gadget isn't innovation anymore and Apple just got a reality check from Microsoft.

by Brian Tong