Opera updates browser to plug security holes

Security flaws in the Opera browser, which opened both Windows- and Linux-based systems to attack, have been patched in the latest version

A new version of Opera, released on Friday, fixes two vulnerabilities in the popular Web browser.

The vulnerabilities, disclosed to the BugTraq security mailing list over the weekend, allow rogue Web sites to take control of a victim's computer by exploiting weaknesses in the way the browser handles skin files.

An advisory, written by Jouko Pynnönen of Finland, describes scenarios which would allow an attacker to seize control of systems running Opera, all of which require some degree of user interaction to be successfully exploited.

"In order to be exploited, these vulnerabilities require the victim to visit a Web page created by a malicious user," he wrote.

While Pynnönen says one vulnerability affects Windows systems only, the second, buffer overflow vulnerability will allow an attacker to take control of Linux-based systems.

"The directory traversal problem doesn't exist on Linux... Other versions weren't tested," the advisory read. "[However] the buffer overflow can be produced on Linux, too."

A new version of Opera is available here.