Opera 12.11 fixes high-severity vulnerability
The recent 12.11 release of Opera's web browser addresses a high-severity security vulnerability that could have allowed a remote attacker to execute arbitrary code on a victim's system. According to the company, the problem in previous versions of the browser stemmed from an error in handling HTTP responses that led to a heap-based buffer overflow. For an attack to be successful, a victim must first visit a maliciously crafted site.
The update also closes a low-severity security hole that could have been used to detect what files a user has on their machine. Non-security-related changes include fixes for several issues related to the SPDY networking protocol, a problem that prevented Google's Gmail email service from loading, and a crashing bug under Mac OS X. Opera advises all users to upgrade to the latest version.
A full list of fixes in the update can be found in the Windows, Mac and UNIX change logs. Opera 12.11 is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris from the company's site.
- HTTP response heap buffer overflow can allow execution of arbitrary code, security advisory from Opera.
- Error pages can be used to guess local file paths, security advisory from Opera.