Opera 12.01 Patches Five Security Flaws
One of the vulnerabilities could enable arbitrary code execution.
Version 12.01 of the Opera browser includes patches for five vulnerabilities.
"The first of these is rated as critical by the company and affects all supported platforms," The H Security reports. "According to Opera, certain URL constructs can cause its browser to allocate the incorrect amount of memory for storing the address; this can be exploited by an attacker to overwrite unrelated memory with malicious data, possibly leading to the execution of arbitrary code."
"Opera also addressed an issue where certain characters in HTML could incorrectly be ignored, thereby facilitating cross-site scripting attacks; an issue where small windows could be used to trick users into executing downloads; an issue where an element’s HTLM content could be incorrectly returned without escaping, thereby bypassing some HTML sanitizers; and [a] low severity issue that the company will detail at a later date," Infosecurity reports.
"This is the first update to the Opera browser since version 12.0 was released in mid-June," notes Threatpost's Dennis Fisher.
"Existing Opera 12.0 or earlier users can run an update check in the browser to download and install the latest version of it automatically," writes Ghacks Technology News' Martin Brinkmann. "This is done with a click on the Opera button, and the selection of Help > Check for updates from the menu that opens up."