Opera 10.10 closes "extremely severe" hole
With version 10.10 (Opera Unite) of its browser, Opera has fixed a vulnerability which can potentially be exploited to compromise systems. The flaw that causes the vulnerability has been known for about six months and has already been fixed in Chrome, Firefox and SeaMonkey. K-Meleon 1.5.x and the KDE (4.3.3) libraries are also said to contain the bug, which allows specially crafted web pages to write arbitrary code to the heap and execute it.
The problem is caused by a format string vulnerability in various third party implementations of the dtoa C function for string to number conversions. It was originally discovered by security expert Maksymilian Arciemowicz in the similar gdtoa C function of NetBSD last June. Over time, it emerged that further libc implementations including OpenBSD, FreeBSD and Mac OS X were also affected. Updates have been released for OpenBSD 4.5, NetBSD 5.0 and FreeBSD 7.2/6.4.