Lucene search

K
threatpostDennis FisherTHREATPOST:8B372C17277C4FAF24FD5B07410DF0DE
HistoryJan 27, 2011 - 3:49 p.m.

Opera Closes Critical Security Flaw With Version 11.01

2011-01-2715:49:00
Dennis Fisher
threatpost.com
8

Opera patchOpera has released a new version of its flagship browser, which, among other things, fixes a remotely exploitable critical vulnerability that was disclosed late last week. Opera 11.01 also includes some other stability upgrades.

The new version of Opera for Windows has fixes for a total of five security vulnerabilities, including the one that was made public last Friday in an advisory by French security firm VUPEN. That bug can be exploited remotely under some circumstances, but Opera officials said that an attack is more likely to result in a crash.

“A vulnerability has been identified in Opera, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by an integer truncation error within the Opera Internet Browser module “opera.dll” when handling a HTML “select” element containing an overly large number of children, which could allow remote attackers to execute arbitrary code by convincing a user to visit a specially crafted web page,” VUPEN said in its advisory.

That bug was rated critical, while two of the other flaws fixed in Opera 11.01 are rated high, one is rated moderate and one is rated low. Opera also released new versions of the browser for Mac and Unix, each of which includes a number of security fixes, as well.