The vulnerabilities, disclosed to the BugTraq security mailing list over the weekend, allow rogue Web sites to take control of a victim's computer by exploiting weaknesses in the way the browser handles "skin" files, or configuration files that can change the look of a program.
An advisory, written by Jouko Pynnonen of Finland, describes scenarios that would allow an attacker to seize control of systems running Opera, all of which require some degree of user interaction to be successfully exploited.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
Though Pynnonen says one vulnerability affectsonly, the second vulnerability, a buffer overflow, will allow an attacker to take control of .
"The directory traversal problem doesn't exist on Linux...Other versions weren't tested," the advisory read, noting also that "the buffer overflow can be produced on Linux, too."
The new version of the Opera browser is available on the Web site of Norway-based Opera Software.
ZDNet Australia's Patrick Gray reported from