Patched Opera browser faces new vulnerability

Security researchers have already discovered a security vulnerability in version 9.61 of Opera Software's browser, which was released last week.

The newest problem is that the "history search" page does not validate user input. This leaves users open to a remote code execution exploit, security researcher Aviv Raff told SCMagazineUS.com Tuesday.

An attacker can create a specially crafted page that automatically opens the history search page and exploits the vulnerability, Raff said. When a victim visits this web page, a trojan can be silently downloaded and installed on the victim's machine.

Raff and fellow security researchers Roberto Suggi and Stefano Di Paola reported the vulnerability to Opera last Thursday, just two days after Opera released version 9.61. Opera 9.61 patched a similar problem on the same local resource — the history search page — that allowed an attacker to view a user's history.

Opera is aware of the problem and plans to release Opera version 9.62 in a matter of days to close the vulnerability, spokesman Thomas Ford told SCMagazineUS.com Tuesday.

Ford said Opera tries to patch vulnerabilities as quickly as possible. Version 9.62 is currently being tested, he said.

“They should have checked for other vulnerabilities in the same area of the issue that was fixed on version 9.61 before the release,” Raff said. “I hope they have done this for the new version.”

Opera holds about one to two percent of the browser market but is generally considered a more secure browser because it is less targeted.
