Frameset issue allows execution of arbitrary code – Opera Security Advisories




Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional techniques will have to be employed.

Opera’s response

Opera Software has released Opera 11.11, where this issue has been fixed.


Thanks to an anonymous contributor working with the SecuriTeam Secure Disclosure program, for reporting this issue to Opera Software.