Opera has released its latest web browser upgrade to version 12.11 for Mac OS X, fixing two vulnerabilities that include one high severity flaw. The recommended Mac-only upgrade to Opera 12.11 offers general improvements and stability enhancements in addition to security fixes. Opera Software fixed a crash related to updating the state of some extensions’ toolbar icons, closed several issues related to SPDY, and fixed an issue that could cause Gmail not to load.
Opera Software disclosed further information about the two vulnerabilities, a high severity issue and a low severity issue, fixed in this upgrade. Details of the two bug fixes are as follows:
HTTP response heap buffer overflow issue that can allow execution of arbitrary code:
When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.
Error pages issue that can be used to guess local file paths:
Remote web pages should not be able to detect what files a user has on their local machine. Certain error pages do not apply this restriction correctly, allowing web pages to produce an error page where a script can run. The script can then use various events to detect whether files on the user’s computer exist or not.
Users can update the software using the program’s built-in updater (choose Opera > Check for Updates), through its auto-updater (this can be turned on in Preferences > Advanced > Security), or from the Opera website.