Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.
1) An error exists when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 10.50 for Windows. Prior versions may also be affected.
2) An error when parsing XSLT constructs can be exploited to disclose cached content from previously visited web pages.
The vulnerability is reported in versions prior to 10.51.
Solution: Update to version 10.51.
Provided and/or discovered by: 1) Marcin Ressel (~echo). Additional information provided by Secunia Research.
2) The vendor credits crazypops.
Original Advisory: Opera:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Opera Buffer Overflow and Information Disclosure