PT-2010-4121 · Opera · Opera

Published: 2010-08-16 · Updated: 2018-10-10 · CVE-2010-2576

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Opera versions prior to 10.61

Description

The issue allows remote attackers to conduct clickjacking attacks and execute arbitrary code via vectors involving closing or hiding a tab. Additionally, there are problems with the "Download" dialog that can be exploited to trick a user into clicking on the "Run" button by positioning a new window on top of the dialog. An error in the processing of painting operations on a canvas can cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. There is also an input sanitisation error in the handling of news feed previews that can be exploited to execute script code.

Recommendations

For Opera versions prior to 10.61, update to version 10.61 or later to resolve the issue. As a temporary workaround, consider disabling the execution of downloadable executables from the "Download" dialog to minimize the risk of exploitation. Restrict access to news feed previews to prevent automatic subscription to feeds. Avoid using the browser until the update is applied.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2010-2576

Affected Products

Opera