X
Business
Home Business Enterprise Software

Opera closes 'high severity' security hole

The most serious of the three flaw could allow hackers to execute harmful code and take complete control of a target compute
Written by Ryan Naraine, Contributor

Opera has shipped a new version of its web browser to patch three potentially dangerous security vulnerabilities.

The most serious of the three flaw could allow hackers to execute harmful code and take complete control of a target computer, Opera said in an advisory.

The problem:

Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.

The Opera 10.61 update, available for Windows, Mac and Unix, also fixes the following:

  • (Moderate Severity) Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causing the downloaded file to be executed. (See advisory).
  • (Low Severity) When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent. (See advisory).

Opera highly recommends that all affected users download the latest update.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now