madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Opera closes 'high severity' security hole

By | August 12, 2010, 10:15am PDT

Summary: The most serious of the three flaw could allow hackers to execute harmful code and take complete control of a target compute

Opera has shipped a new version of its web browser to patch three potentially dangerous security vulnerabilities.

The most serious of the three flaw could allow hackers to execute harmful code and take complete control of a target computer, Opera said in an advisory.

The problem:follow Ryan Naraine on twitter

Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.

The Opera 10.61 update, available for Windows, Mac and Unix, also fixes the following:

  • (Moderate Severity) Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causing the downloaded file to be executed. (See advisory).
  • (Low Severity) When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent. (See advisory).

Opera highly recommends that all affected users download the latest update.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Advisory, Opera Software ASA, Internet, Viruses And Worms, Security, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 1 Talkback(s)

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources