Bug in the armor: Opera has vulnerable code

Posted Jan 6, 2007 at 10:41PM by QJ Staff Listed in: Wii Tags: Exploit, JavaScript, malware, Opera Software

I don't think he meant that kind of bug.

We don't know how this affects the Wii, but... This ain't the kind of exploit that makes the homebrewers smile. This is the one that pisses everybody off. iDefense Labs reports that there's a bug in Opera's implementation of JavaScript that can potentially allow someone "to execute arbitrary code on the affected host". Last time this writer heard this phrase, he had to dump a ton of useless popup exes and malware code out of his PC HDD; hence, the piss everyone off comment. It ain't a pretty sight, you know.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

Like we said: we don't know how this affects the Wii. The iDefense Labs report doesn't contain anything Wii-specific, so absent the guy in this room with the IT degree, we don't know the dynamics of this exploit in the white box (With Wii Opera, you'd expect iDefense Labs to start gathering intel on vulnerabilities as they affect the Wii...). Anyway, the latest Opera for PC platforms corrects this bug. With the Opera on Wiis right now a running beta, it's a good bet this flaw will be patched up in a final release as well.

87 Jumps Custom Firmware 5.50GEN-D3 final released

48 Jumps God of War 3 demo on Blu-ray this week

48 Jumps PSP-4000 mentioned in LBP accessory pack ad

34 Jumps Blizzard: We will definitely work on a console game

33 Jumps MAG is gold, open beta kicking off soon

33 Jumps Alien Zombie Death has aliens, zombies, death

33 Jumps Mom gets 911 help after son won't sleep, keeps playing video game

32 Jumps Sony files curious new trademark, surveys gamers for premium PSN services

29 Jumps Sega's Mega Sale on PSN

23 Jumps Multiplayer skins released for Uncharted 2

Comments

by - 2007-01-07 06:01:41

Uh-oh...

With a lack of a firewall on the Wii, I don't like the sounds of this one bit :/ Lets hope they provide a patch soon.

by WC - 2007-01-07 07:17:57

Are you stupid?

This is EXACTLY the kind of bug that hackers want on the Wii. Anytime you see "execute arbitrary code" you can just go ahead and think 'hack hole'. And this does not affect the Wii one bit as far as viruses go. Why? Because there are NO viruses written for the Wii. Until modders hack this to advantage, nobody will know HOW to write a virus for the Wii. No, this is all plus and no minus for the Wii. For PCs, it's 'yet another hole' and that's it. Opera will patch it and avert the end of the world, again. -yawn-

by - 2007-01-07 10:38:37

guys

you guys are all stupid. first off this is why the javascript in the wii browser is built differently form the ground up with some things removed. if this hole is still present, its not a threat to wii. Why? the arbitrary code has to be native to the processor. Is anyone able to compile a Wii program yet who isnt an official developer? no... nevermind one as complex as running within another process?

by - 2007-01-07 15:39:36

hmm

http://www.ps3news.com/forums/wii-chat/wii-opera-vulnerability-46723.html well they can make the Wii crash from this bug so lets hope they can get some kind of code working from it

by - 2007-01-07 23:58:53

?

And I wonder why Microsoft doesn't have a browser in the Xbox 360, especially Internet Explorer. god people quit *****in and get off your asses to your computer!

Add New Comment

You must be logged in to post comments

The QJ.net Network
Site	Feed
QJ.NET	RSS
Nintendo DS	RSS
PlayStation 3	RSS
PSP Updates	RSS
Wii	RSS
Xbox 360	RSS
MMORPG	RSS
Personal Computer Games	RSS
iPhone - iPod Touch	RSS
QJ.NET Forums	RSS

Add QJ.NET

User Favorites - December

Most Commented
MaGiXieN explains release..	(103)
Custom Firmware 5.50GEN-D3..	(74)
Brazilian senator wants cr..	(62)
Custom Firmware 5.50GEN-D3..	(51)
Custom Firmware 5.03GEN-C..	(50)
FFXIII PS3 audio and video..	(48)
NPD Study: US kids as youn..	(44)
Custom Firmware 5.50GEN-D3..	(43)
Sony starts talking about..	(39)
PlayStation celebrates 15t..	(35)
Traveller's Tales to Sony:..	(35)
Final Fantasy XIII boxart..	(33)
Tecmo's Quantum Theory no..	(30)
EA CEO wants to turn pirat..	(29)
Sony: Get a free game with..	(27)
Rumor: Logitech has PSP Go..	(24)
More Estavillo subpoenas -..	(23)
November NPD sales: hardwa..	(22)
Pokemon: the world of the..	(22)
Scan: New character confir..	(21)
Sony sells 440,000 PS3 uni..	(20)
Zeschuck: JRPGs lack evolu..	(20)
Girlfriend dumps Andy Murr..	(20)
Buy two, get one free at B..	(19)
Time Magazine reveals Top..	(19)

User Favorites - December

Top Jumps
Custom Firmware 5.50GEN-D3..	(2700)
Custom Firmware 5.50GEN-D3..	(1013)
Custom Firmware 5.50GEN-D3..	(508)
Tiger Woods Wife Outrun Fl..	(504)
MaGiXieN: 6.xxGEN is not w..	(409)
MaGiXieN explains release..	(358)
Custom Firmware 5.03GEN-C..	(298)
PSP Homebrew: CFW 5.03 GEN..	(206)
Custom firmware 5.50GEN-D..	(169)
Wii homebrew - Custom IOS3..	(107)
PSP Revolution v0.3	(95)
Naruto Shippuden: Ultimate..	(91)
PS3 optional update 3.15 d..	(85)
No plans for custom firmwa..	(84)
PSP homebrew - DaedalusX64..	(83)
PSP Homebrew - PSPDisp v0...	(82)
Resident Evil 5 patch 1.03..	(79)
PSP homebrew game: PSP Mar..	(74)
Sony starts talking about..	(72)
gpSP v0.9 for the PSP	(71)
PS3 is year's best platfor..	(70)
PSPlayerMT For PSP - Direc..	(66)
PSP homebrew - PSP Live TV..	(66)
Sony sells 440,000 PS3 uni..	(66)
PSP homebrew - DaedalusX6..	(66)

Username:

Password:


Remember Me?

Forgot password
New user registration