Code Execution Bug Bites Opera Browser

On the same day Mozilla shipped a Firefox update
to fix multiple critical vulnerabilities, Opera dropped a major patch
to fix three documented flaws, including a memory corruption issue that
exposes users to code execution attacks. Here are the raw details:

On the same day Mozilla shipped a Firefox update
to fix multiple critical vulnerabilities, Opera dropped a major patch
to fix three documented flaws, including a memory corruption issue that
exposes users to code execution attacks. Here are the raw details:

  • Advisory #1:
    Specially crafted domain names can cause a memory corruption in Opera,
    which may lead to a crash. Successful exploitation can lead to
    execution of arbitrary code.  Rated “extremely severe.”
  • Advisory #2:
    Opera may allow scripts to run on the feed subscription page, thereby
    gaining access to the feeds object. This can be used for automatic
    subscription of feeds, or reading other feeds.  (Less severe)
  • Advisory #3
    In some cases, a Web font intended to be used for page content could be
    incorrectly used by Opera to render parts of the user interface,
    including the address field. This can be used by a malicious site to
    display a false domain name in the address field. (Less severe)

Patches for these flaws area available in Opera 10.01.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.