Opera 11.64 closes critical code execution hole
Version 11.64 of the Opera web browser has been released, closing a critical hole that could have been exploited by attackers to inject malicious code into a victim's system. According to the company, some undisclosed formulations of URLs caused the browser to allocate the incorrect amount of memory for storing the address. When the program attempted to store the address, unrelated memory could have been overwritten with an attacker's data, resulting in a crash and the execution of arbitrary code.
Non-security-related fixes include correcting an issue that prevented some secure pages, such as PayPal and eBay, from loading, and problems when using the AMD loader from the Dojo Toolkit. A full list of the fixes and improvements in the update can be found in the Windows, Mac and UNIX change logs. Version 11.64 of Opera is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris.
- Certain URL constructs can allow arbitrary code execution, the Opera advisory.
- Security improvements in Opera 12 beta, a report from The H.