Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories

Severity

 

Highly Severe

 

Problem Description

 

When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed source in a way that can cause Opera to crash. The crash is caused by an erroneous memory access. To inject code, additional techniques will have to be employed.

 

Opera’s Response

 

Opera Software has released Opera 9.27 with a fix for this vulnerability.

 

Credits

 

Thanks to Michal Zalewski for reporting this issue to Opera Software.