Opera 12.01 Released With Fixes for Five Security Flaws

There are new versions of the Opera browser available, a small update to version 12.01, but they include a number of important security fixes, notably a patch for a vulnerability that could lead to remote code execution. 

There are new versions of the Opera browser available, a small update to version 12.01, but they include a number of important security fixes, notably a patch for a vulnerability that could lead to remote code execution. 

The maintainers of Opera pushed out new versions for all of the major platforms, including Windows, Mac and Unix, each with a variety of security patches. The new release for Windows includes five security fixes, one of which is a second repair of a previously addressed vulnerability in the browser. 

The patches for Opera 12.01 on Windows include:

  • Re-fixed an issue where certain URL constructs could allow arbitrary code execution, as reported by Andrey Stroganov
  • Fixed an issue where certain characters in HTML could incorrectly be ignored, which could facilitate XSS attacks
  • Fixed another issue where small windows could be used to trick users into executing downloads as reported by Jordi Chancel
  • Fixed an issue where an element’s HTML content could be incorrectly returned without escaping, bypassing some HTML sanitizers

There also is a fifth vulnerability patched in the Windows release, but Opera did not release any details about the nature of the bug or its location or effects.

The most serious vulnerability is the one that Opera had to fix a second time, a critical flaw that could lead to remote code execution. 

“Certain page address (URL) constructs can cause Opera to allocate the wrong amount of memory for storing the address. When it then attempts to store the address, it will overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code,” Opera said in its advisory.

The same group of vulnerabilities were fixed in the Opera 12.01 release for Mac OS X and Opera 12.01 for Unix

This is the first update to the Opera browser since version 12.0 was released in mid-June.

Suggested articles

Discussion

  • Dr.D on

    I chose Opera as my browser and then due to other connectivity problems I uninstalled 12.01. I operate an XP system and did the removal using Add/Remove Programs. I thought this would be a simple process however as I have learned, Opera somehow controls all of my important URL's (links access to each of them to itself) and when I uninstalled, I orphaned each of my necessary websites.

    When I go back to Add/Remove now, Opera is still there but when I try to uninstall again, I receive the message ''Error Initializing Opera: Module 15 (logdoc)". This is also the message I receive when I try to access any of my online sites.

    What do I need to do to untie my system from the Opera control? If I choose to reinstall the program later then that is another issue. Right now I just want it to release my system. Can you email me advice or am I going about this the wrong way?

    Thanks!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.