Opera 12 update closes important security holes
The first maintenance update to version 12 of the Opera web browser has been released, closing four important security holes. The first of these is rated as critical by the company and affects all supported platforms. According to Opera, certain URL constructs can cause its browser to allocate the incorrect amount of memory for storing the address; an attacker can exploit this to overwrite unrelated memory with malicious data, possibly leading to the execution of arbitrary code.
Opera 12.01 addresses two high-severity errors that could have led to cross-site scripting (XSS) attacks when handling certain DOM elements and HTML characters. A third high-risk problem has also been fixed which could have resulted in a malicious file being downloaded and executed; the attack relies on tricking a victim into clicking a hidden dialog box or into entering a specific keyboard sequence. Versions up to and including 12.0 are affected; upgrading to 12.01 corrects these problems.
For those still using the 11.x branch of Opera on Mac OS X because Opera 12 isn't yet available in the Mac App Store, the company has released version 11.66 to address these issues. However, at the time of writing, the Mac App Store still shows version 11.64 as the current release; this is likely because Opera 11.66 is pending approval by Apple for inclusion in the store.
Further details about the update, including a full list of changes, can be found in Opera's security advisories, and in the Windows, Mac and UNIX release notes. Opera 12 is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris; all users are advised to upgrade.
- Small windows can be used in several ways to trick users into executing downloads, security advisory from Opera.
- Certain characters in HTML can incorrectly be ignored, which can facilitate XSS attacks, security advisory from Opera.
- Element HTML content can be incorrectly returned without escaping, bypassing some HTML sanitizers, security advisory from Opera.
- Certain URL constructs can allow arbitrary code execution, security advisory from Opera.
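The third advisory above concerns sanitizers that rely on the browser to escape element content for them: a sanitizer that assigns untrusted text to a node and reads back the engine's HTML serialization trusts that the engine escaped it. The following is an added example, not code from the article or from Opera, showing the defensive alternative: escape the text independently and treat the engine's serialization only as something to cross-check. The `readBack` hook is an assumption standing in for `el.textContent = s; return el.innerHTML`, so the code runs outside a browser; the sample engines and input string are constructed here.

```javascript
// Added example (not from the article or from Opera): a sanitizer that does
// not trust the browser's own serialization of element content.

// Independent escaping of text that will land in an HTML text-node position.
// Only the three characters that can change parsing in that position matter.
function escapeHtmlText(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Given the text that was assigned and the string the engine handed back as
// its HTML serialization, decide whether that serialization can be trusted.
// True only if every special character came back escaped.
function serializationIsSafe(original, serialized) {
  return serialized === escapeHtmlText(original);
}

// Sanitize untrusted text for insertion as HTML. `readBack` is a hypothetical
// hook (assumption) modelling `el.textContent = s; return el.innerHTML`.
// Whatever the engine returns, the emitted HTML is our own escaped string, so
// a serializer that returns unescaped content cannot reintroduce markup; the
// round-trip check merely reports that the engine is not behaving as expected.
function sanitizeForHtml(untrusted, readBack) {
  const ours = escapeHtmlText(untrusted);
  const engine = readBack ? readBack(untrusted) : ours;
  return { html: ours, engineTrusted: serializationIsSafe(untrusted, engine) };
}

// Constructed sample engines: one that escapes correctly, one that returns the
// raw text (the failure mode the advisory describes).
const correctEngine = (s) => escapeHtmlText(s);
const faultyEngine = (s) => s;
const sampleInput = '<b>plain "text"</b> & more';  // constructed input

console.log(sanitizeForHtml(sampleInput, correctEngine));
console.log(sanitizeForHtml(sampleInput, faultyEngine));
```

The point of the design is that correctness never depends on the engine: `html` is identical in both runs, and `engineTrusted` flipping to `false` is a signal to log or alert on, not something the output relies upon.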