Browser Security News

Opera has shipped a new version of its browser to fix three security vulnerabilities, one rated “extremely severe.” The most serious flaw could allow a malicious attacker to take complete control of a system, Opera said in an advisory.

Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed. Opera patches ‘extremely severe’ security hole | Zero Day | ZDNet.com