May 15, 2020

Opera Fixes SVG Vulnerability

(LiveHacking.Com) – Opera has released version 11.52 of its web browser to address an explotable vulnerability in the processing of SVG images. This release is in response to a new metasploit module which was released along with details of the vulnerability by security researcher José A. Vázquez.

Opera also issued a security advisory which describes the problem:

Certain font manipulations inside a dynamically added and specifically embedded SVG image can cause Opera to crash. Additional techniques can reliably be used in combination with this crash to allow execution of arbitrary code.

In a blog post, the company also responded to claims that Opera had intentionally decided not to fix this particular vulnerability as José had informed Opera of the problem several months ago, via the  SecuriTeam Secure Disclosure program, but it remain unresolved.

In the blog Sigbjørn Vik writes:

About 6 months ago (in April 2011), we were contacted by a security research group, on behalf of a researcher, giving details of a handful of bugs and issues that could be demonstrated in old releases of Opera. We confirmed most of these in the then-current releases and fixed the exploitable ones. These fixes were released in a regular security update, Opera 11.11.

Opera then informed SecuriTeam of the fixes and asked for more details about the remaining issue that it was unable to reproduce including a request for known ways to reproduce it in the then-current Opera release. However it receive no further information from SecuriTeam or José.

This then raises the question of responsible disclosure and if José did all he could to ensure that Opera had all the relevant details.

Also fixed is 11.52 are the following non-security related bugs:

  • Adjusting volume on a YouTube HTML5 Video causes freeze
  • Fixed a non-exploitable bug which allowed injection of untrusted markup into the X-Frame-Options error page, as reported by Masato Kinugawa.
  • Crashes when downloading via BitTorrent