Opera 10.51 addresses vulnerabilities
Opera has announced the release of version 10.51 of its web browser for Windows-based systems, closing two "highly severe" security holes. The security and stability update addresses a previously reported vulnerability caused by an incorrectly set value in HTTP headers. This could allow attackers to provoke a buffer overflow, allowing them to execute arbitrary code on a vulnerable system. A disclosure of information issue that could allow XSLT (XSL Transformations) to be used to retrieve the contents of unrelated documents has also been fixed. Other changes include stability improvements and bug fixes.
All users are advised to upgrade to the latest release as soon as possible. The developers note that they are currently working on "bringing the Mac and Unix versions to product quality".
More details about the Windows-only release can be found in the change log. Opera 10.51 is available to download from the Opera web site. Alternatively, users with Opera 10.50 or older can use the built-in update function.
See also:
- HTTP Content-Length header can be used to execute arbitrary code, security advisory from Opera.
- XSLT can be used to retrieve random contents of unrelated documents, security advisory from Opera.
(crve)