Frameset issue allows execution of arbitrary code – Opera Security Advisories

Severity

Critical

Description

Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional techniques will have to be employed.

Opera’s response

Opera Software has released Opera 11.11, where this issue has been fixed.

Credits

Thanks to an anonymous contributor working with the SecuriTeam Secure Disclosure program, for reporting this issue to Opera Software.