Opera Software has updated its browser to fix a “highly critical” flaw attackers could exploit to run malicious code on targeted machines. Like Firefox, many use Opera as an alternative to Microsoft’s Internet Explorer browser, which has suffered countless attacks over the years.
According to the Opera security advisory, “A virtual function call on an invalid pointer that may reference
data crafted by the attacker can be used to execute arbitrary code.” Danish vulnerability clearinghouse Secunia put it this way in its SA26477 advisory: “The vulnerability is caused due to an unspecified error when processing JavaScript code and can result in a virtual function call using an invalid pointer. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious Web site.”
The flaw has been fixed in Opera 9.23.
In its advisory, Opera tips it hat to Mozilla.org for providing their JavaScript fuzzer during the mitigation process.
