Newsfeed prompt can cause Opera to execute arbitrary code – Opera Security Advisories



Highly Severe


Problem Description


When Opera encounters a newsfeed source on a Web page, it prompts to add the source as a newsfeed. A script can manipulate the feed source in a way that can cause Opera to crash. The crash is caused by an erroneous memory access. To inject code, additional techniques will have to be employed.


Opera’s Response


Opera Software has released Opera 9.27 with a fix for this vulnerability.




Thanks to Michal Zalewski for reporting this issue to Opera Software.