Opera
Search the knowledge base
Advisory: TLS certificates can be used to execute arbitrary code
Severity
Highly Severe
Problem Description
When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name in the certificate, it can cause Opera to crash. To inject code, additional means will have to be employed.
Opera's Response
Opera Software has released Opera 9.25, where this issue has been fixed.
Credits
Thanks to Alexander Klink, Cynops GmbH for reporting this issue to Opera Software.
Browse through articles in the same categories:
advisory
Support
- Overview
- Get started
- Register Opera Mobile
- Knowledge base
- Online communities
- Reporting bugs
- Opera Web Mail
- Access Opera
- Premium support
- Contact support
- Documentation
Opera Help
Need help? Hit F1 anytime while using Opera to access our online help files, or go here.
View mobile site
Copyright © 2009 Opera Software ASA. All rights reserved.