Aug 13, 2010 11:12 GMT

Opera has addressed three security issues in the newly released 10.61 version of its browser, including an HTML5 canvas vulnerability that could allow attackers to execute arbitrary code remotely.

The <canvas> element from the HTML5 specification can be used to draw 2D graphics or design animations via JavaScript.

"Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows.

"In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code," the browser developer warns in a security advisory.

Even though code injection requires some extra effort, Opera Software rates this vulnerability as high and credits a security researcher known as "kuzzcc" with its discovery.

A separate issue in how Opera previews news feeds has also been identified and patched. The problem could cause users to be subscribed automatically just by viewing a feed in the browser.

A third bug was discovered by Jakob Balle and Sven Krewitt from Danish vulnerability research vendor Secunia. Potential attackers could leverage this issue to carry out clickjacking-like attacks that result in file execution.

"The problem is that the 'Download' dialog provides the option to run a downloadable executable at a predictable location in the browser window.

"This can be exploited to trick a user into clicking on the 'Run' button by positioning a new window on top of the 'Download' dialog that is closed e.g. via a timeout shortly before the user clicks on a link within this window," the Secunia researchers explain.

Opera 10.61 contains many other non-security-related fixes in the user interface, as well as in the display and scripting engines. One change potentially affects privacy: the default cookie preference was modified to "Accept all cookies."

Opera 10.61 can be downloaded for Windows, Linux and Mac.

You can follow the editor on Twitter @lconstantin