Opera closes "extremely severe" hole
Opera has released version 10.53 of its Opera web browser for Windows and Mac OS X in order to close a vulnerability which the software maker rates as "extremely severe". The hole allows crafted web pages to inject and run code on a PC. It would only be necessary to visit such a web page for the vulnerability to be exploited.
The hole is created when a script makes multiple calls to modify the documents contents, causing Opera to reference an uninitialised value. This could lead to a browser crash and, using additional techniques, allow for code injection. Opera had only just released version 10.52 three days ago. Opera 10.53 can be downloaded from the vendors site.
See also:
- Advisory: Multiple asynchronous document modifications can be used to execute arbitrary code, security advisory from Opera Software.
(djwm)