New Opera Release Fixes Holes

Thursday, January 31, 2013 @ 07:01 PM gHale


Opera 12.13 released and users should update their installations as soon as possible because it fixes four security issues that cyber criminals could leverage.

Arthur Gerkis identified a DOM events manipulation issue that can end up exploited to cause the web browser to crash. In some scenarios, the crashes can execute arbitrary code.

RELATED STORIES
Firefox: Silent Add-ons Possible
Chrome Updated, Fixes Security Holes
Mozilla Closes Critical Holes
Chrome Wards Off BlackHole

An anonymous expert notified Opera via the iSIGHT Partners GVP Program of a problem where the use of SVG clipPaths could allow the execution of malicious code.

“When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur,” the advisory said.

A couple of low-severity vulnerabilities also ended up fixed, one of them referring to the fact that Cross-Origin Resource Sharing (CORS) requests can omit the preflight requests.



Leave a Reply

You must be logged in to post a comment.