Opera closes 'high severity' security hole

The most serious of the three flaw could allow hackers to execute harmful code and take complete control of a target compute

Opera has shipped a new version of its web browser to patch three potentially dangerous security vulnerabilities.

The most serious of the three flaw could allow hackers to execute harmful code and take complete control of a target computer, Opera said in an advisory.

The problem:

follow Ryan Naraine on twitter

Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.

The Opera 10.61 update, available for Windows, Mac and Unix, also fixes the following:

  • (Moderate Severity) Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causing the downloaded file to be executed. (See advisory).
  • (Low Severity) When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent. (See advisory).

Opera highly recommends that all affected users download the latest update.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All