Opera team has released updated version 12 of the Opera web browser that addresses a four important security holes. The first of these is rated as critical by the company and affects all supported platforms.
According to Opera, certain URL constructs can cause its browser to allocate the incorrect amount of memory for storing the address; this can be exploited by an attacker to overwrite unrelated memory with malicious data, possibly leading to the execution of arbitrary code.
Opera 12.01 addresses two high-severity errors that could have led to cross-site scripting (XSS) attacks when handling certain DOM elements and HTML characters.
A third high-risk problem has also been fixed which may have resulted in downloading and executing a malicious file; this is done by tricking a victim into clicking a hidden dialog box or by entering a specific keyboard sequence.
According to Opera, certain URL constructs can cause its browser to allocate the incorrect amount of memory for storing the address; this can be exploited by an attacker to overwrite unrelated memory with malicious data, possibly leading to the execution of arbitrary code.
Opera 12.01 addresses two high-severity errors that could have led to cross-site scripting (XSS) attacks when handling certain DOM elements and HTML characters.
A third high-risk problem has also been fixed which may have resulted in downloading and executing a malicious file; this is done by tricking a victim into clicking a hidden dialog box or by entering a specific keyboard sequence.
Versions up to and including 12.0 are affected; upgrading to 12.01 corrects these problems.