Advisory: Multiple asynchronous document modifications can be used to execute arbitrary code

April 28, 2010

Affected versions

This vulnerability affects Opera for Windows and Mac.

Severity

Extremely Severe

Description

Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed.

Opera's Response

Opera Software has released Opera 10.53, where this issue has been fixed.