Opera 10.61 Is Out, Fixes High Severity Vulnerability
After the release of Opera 10.6 this July, the Norwegian software developer follows up with the release of Opera 10.61, an update that all Opera 10.6 users should get. There is a very good reason why Opera users should get the update: security. You see, Opera 10.61 is a security and stability update that fixes a high severity vulnerability.
If exploited by a person with malicious intent, this high severity vulnerability could allow the hacker to execute harmful code and take complete control of a target computer. Here are the details Opera Software released:
Title: Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code
Severity: High (Opera uses a 5-tier severity rating: none, low, moderate, high and critical).
Description: Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just
freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.
Credit: this vulnerability was reported by Kuzzcc.
Opera 10.61 plugs two other security holes: a moderate severity vulnerability and a low severity vulnerability.
Here are the details on the moderate vulnerability:
Title: Unexpected changes in tab focus can be used to run programs from the Internet
Severity: Moderate
Description: Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab
is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causing the downloaded file to be executed. Previous versions of Opera had a delay before the button would respond to counteract this possibility. A recent interface change caused this protection not to function correctly.
Credit: Secunia’s Jakob Balle and Sven Krewitt reported this issue to Opera Software
And here are the details on the low vulnerability:
Title: News feed preview can subscribe to feeds without interaction
Severity: Low
Description: When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed
without their consent.
Credit: This issue was reported to Opera Software by Alexios Fakos.
If you would like to get Opera 10.61, you can download the browser here.
A full changelog is available here.
If exploited by a person with malicious intent, this high severity vulnerability could allow the hacker to execute harmful code and take complete control of a target computer. Here are the details Opera Software released:
Title: Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code
Severity: High (Opera uses a 5-tier severity rating: none, low, moderate, high and critical).
Description: Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just
freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.
Credit: this vulnerability was reported by Kuzzcc.
Opera 10.61 plugs two other security holes: a moderate severity vulnerability and a low severity vulnerability.
Here are the details on the moderate vulnerability:
Title: Unexpected changes in tab focus can be used to run programs from the Internet
Severity: Moderate
Description: Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab
is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causing the downloaded file to be executed. Previous versions of Opera had a delay before the button would respond to counteract this possibility. A recent interface change caused this protection not to function correctly.
Credit: Secunia’s Jakob Balle and Sven Krewitt reported this issue to Opera Software
And here are the details on the low vulnerability:
Title: News feed preview can subscribe to feeds without interaction
Severity: Low
Description: When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed
without their consent.
Credit: This issue was reported to Opera Software by Alexios Fakos.
If you would like to get Opera 10.61, you can download the browser here.
A full changelog is available here.
