Topic: Opera Browser Vulnerability Affects Wii Internet Channel

[MegaByte]

A recently revealed vulnerability in the desktop version of Opera 9 can also crash the Wii version.

On January 5th, Opera Software revealed two security bugs in version 9.0x of its internet browser.  Though patched in its most recently released version 9.10, the Internet Channel Trial Version used on the Wii is still affected since it is powered by Opera 9.0.  iDefense Labs, discoverer of the bugs, notified Opera Software on November 16th of last year.    

One of the bugs, a flaw in the way the browser handles a scalable vector graphics (SVG) JavaScript function, can not only crash the Opera web browser, but can also allow arbitrary code execution.  However, it is unclear whether this code execution can happen on the Wii version, though the crash (a hard freeze of the system) does indeed occur.  In theory, a malicious hacker could craft a special webpage, which when visited by a victim, would crash and potentially execute code on the Wii.    

The crash occurs because Opera does not properly validate the type of object passed to the JavaScript SVG function "createSVGTransformFromMatrix."  Though Opera mentions that users that have JavaScript disabled are not affected by the problem, this is not a possibility on the Wii version, and Wii users will have to wait for a patch or the final version, which is currently scheduled for the end March.

[IceCold]

Hopefully they include Flash 9 compatibility as well..

[Smash_Brother]

Wow, that sucks...

It'd be nice if they threw us a bone and gave us a patch here before someone figures out a way to "brick" Wiis over the internet.

[Nephilim]

There is no proof the code can be activated on the wii, only thing proven is it makes it crash

[KDR_11k]

The first problem for injecting code into the Wii is... Do you have a Wii compiler?

[Nick DiMola]

I figured it was only a matter of time before some sort of vulnerability was exposed with the Wii Internet Channel. Of course there is the issue of not being able to compile Wii executable code as of now, but having any vulnerabilities at all is typically not a good thing. Hopefully this bug is worked out and all is well again.

[KDR_11k]

Hm... arbitrary code injection on a console could be useful for homebrew...

[WPack911]

Whatever it's no big whoop since it will be fixed in the final version anyway.  

[BranDonk Kong]

I was thinking the same thing as KDR. How awesome would it be if someone made a website that you could visit and the "vulnerability" would allow you to play homebrew software. Of course, there is no such thing as Wii homebrew at this time, just Gamecube homebrew that works on the Wii.

[Djunknown]

The Wii browser crashing happened to me  few times. It happens if I'm on YouTube for an extended period of time. But this vulnerability has me paranoid...

Quote
The first problem for injecting code into the Wii is... Do you have a Wii compiler?

So that means no worries for the time being right? Surf and crash to your heart's content?

[therat]

will the thread stop running after i turn off my wii?

[MegaByte]

A compiler is not a prerequisite for injecting machine code.

[AnyoneEB]

Quote
Originally posted by: KDR_11k
The first problem for injecting code into the Wii is... Do you have a Wii compiler?

Yes.