Opera 11.01 closes critical hole
The new version of the Opera web browser closes the critical hole that was reported early this week; this vulnerability allows attackers to gain control of a computer. The problem was caused by a flaw in the code for processing HTML documents which contain
select elements with a large number of child elements. In combination with further tricks, this flaw allows arbitrary code to be injected and executed.
The vulnerability affects not only the Windows version, but also those for Mac and Unix, and has been closed in all versions. The updates for all operating systems also correct a browser configuration click-jacking vulnerability and a another that allows web pages to read out local files.
The only new feature included in the update is the support of the window.DOMStringList DOM object. The update also offers various minor improvements and further bug fixes. It is now available to download for all supported platforms.