Opera 12 Closes More Holes

Monday, August 6, 2012 @ 05:08 PM gHale


Opera 12’s first maintenance update is out there and it closed four key security holes.

The first of these rates as critical and affects all supported platforms. Certain URL constructs can cause its browser to allocate the incorrect amount of memory for storing the address, which an attacker could exploit to overwrite unrelated memory with malicious data, possibly leading to the execution of arbitrary code, Opera officials said.

RELATED STORIES
Opera Fills Security Holes
Opera Release Closes Security Hole
Skype for Linux Security Fix
Skype Alert: Tool can ID IP Address

Opera 12.01 addresses two high-severity errors that could lead to cross-site scripting (XSS) attacks when handling certain DOM elements and HTML characters.

A third high-risk problem could also result in downloading and executing a malicious file. This can occur by tricking a victim into clicking a hidden dialog box or by entering a specific keyboard sequence. Versions up to and including 12.0 suffer from the issues and upgrading to 12.01 corrects these problems.

For those still using the 11.x branch of Opera on Mac OS X because Opera 12 isn’t yet available in the Mac App Store, the company released version 11.66 to address these issues.

Further details about the update, including a full list of changes, are in Opera’s security advisories, and in the Windows, Mac and UNIX release notes.



Leave a Reply

You must be logged in to post a comment.