Opera closes "extremely severe" hole
Opera has released version 10.53 of its Opera web browser for Windows and Mac OS X in order to close a vulnerability which the software maker rates as "extremely severe". The hole allows crafted web pages to inject and run code on a PC. It would only be necessary to visit such a web page for the vulnerability to be exploited.
The hole is created when a script makes multiple calls to modify the documents contents, causing Opera to reference an uninitialised value. This could lead to a browser crash and, using additional techniques, allow for code injection. Opera had only just released version 10.52 three days ago. Opera 10.53 can be downloaded from the vendors site.
- Advisory: Multiple asynchronous document modifications can be used to execute arbitrary code, security advisory from Opera Software.