
Opera patches serious code execution flaw

Written by Ryan Naraine, Contributor on
Opera Software has joined the list of browser vendors shipping fixes for serious remote code execution vulnerabilities.

The company's new Opera 9.5.1 patches at least four security issues, the most serious being a flaw reported by Microsoft's Billy Rios that could be used to execute arbitrary code.

Opera is withholding details on the high-risk flaw until a later date but, with Rios involved, it's probably a safe bet this is a URI-handler flaw that could be exploited if a user is tricked into clicking on a rigged Web site. Rios and my blogging colleague Nate McFeters have spent the better part of the last year warning about serious URI-handler security issues.

From the Opera 9.5.1 changelog:

  • Fixed an issue where <canvas> functions could reveal data from random places in memory, as reported by Philip Taylor. See our advisory.
  • Fixed an issue that could be used to execute arbitrary code, as reported by Billy Rios. Details will be disclosed at a later date.
  • Security status is now correctly set when navigating from HTTP to HTTPS.

The browser refresh also corrects an issue related to OCSP and CRLs that would lower security.
