Opera plugs code-execution vulnerabilities

Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks.
The Opera 9.64 upgrade also adds support for DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), two anti-exploitation mechanisms that helps to limit the damage from malware attacks on the Windows platform.

Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks.

The Opera 9.64 upgrade also adds support for DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), two anti-exploitation mechanisms that helps to limit the damage from malware attacks on the Windows platform.

Opera has only released details on one of the three security vulnerabilities, which was discovered and reported by Google’s Tavis Ormandy.

Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code.

Opera said the update also fixes an issue where plug-ins could be used to allow cross domain scripting and a third “moderately severe” issue that remains a mystery. “

Details will be disclosed at a later date,” the company said.

* Image source: andyket’s Flickr gallery (Creative Commons 2.0)

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.