Opera Software has joined the list of browser vendors shipping fixes for serious remote code execution vulnerabilities.
The company's new Opera 9.5.1 patches at least four security issues, the most serious being a flaw reported by Microsoft's Billy Rios that could be used to execute arbitrary code.
Opera is withholding details on the high-risk flaw until a later date but, with Rios involved, it's probably a safe bet this is a URI-handler flaw that could be exploited if a user is tricked into clicking on a rigged Web site. Rios and my blogging collegue Nate McFeters have spent the better part of the last year warning about serious URI-handler security issues.
From the Opera 9.5.1 changelog:
- Fixed an issue where
<canvas>functions could reveal data from random places in memory, as reported by Philip Taylor. See our advisory.
- Fixed an issue that could be used to execute arbitrary code, as reported by Billy Rios. Details will be disclosed at a later date.
- Security status is now correctly set when navigating from HTTP to HTTPS.
The browser refresh also corrects an issue related to OCSP and CRLs that would lower security.