Opera 12.11 contains a Write AV (write access violation) vulnerability, which is triggered by opening a GIF file that crashes the browser.
Because of incorrect exception handling in Opera, opening a specially crafted GIF file causes heap corruption. Theoretically, this vulnerability can be used to create malicious exploits, so until it is fixed, using this browser may not be safe.
It should be noted that this is not the first recent security problem in Opera. In early October 2012 a vulnerability was discovered in Opera 12 that allows images and specific headers to be used to redirect visitors to another site. Many sites have been victims of this vulnerability.
If a page's code is open to user input, an attacker could place a tag like this: <img src="hxxp://evil.com/evil.png" alt="" />
(where evil.com is a server controlled by the attacker)
and, when http://evil.com/evil.png is requested, return the following header:
Refresh: 0; url=data:application/internet-shortcut,[INTERNETSHORTCUT]%0D%0AURL=http://evil.com/
Opera 12 will then automatically navigate to that address.
Opera representatives said they did not consider this a vulnerability and blamed the owners of websites that “do not control input from untrusted users.” Despite this, the browser developers decided to meet webmasters halfway and fixed the issue in Opera 12.10.
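For site owners who fetch or proxy user-supplied images, the check below flags an image response that carries a Refresh header like the one quoted above, and strips that header before the response is relayed. It is an added example, not code from Opera or from the original article; the function names and the sample header object are assumptions constructed for illustration.

```javascript
// Added example: inspect the response headers of a user-supplied image URL.
// Parse a Refresh value of the form "<delay>; url=<target>" into its parts.
function parseRefresh(value) {
  const m = /^\s*(\d+(?:\.\d*)?)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$/is.exec(value);
  if (!m) return null;
  // Drop optional surrounding quotes around the target.
  const target = (m[2] || "").trim().replace(/^(['"])(.*)\1$/s, "$2");
  const s = /^([a-z][a-z0-9+.-]*)\s*:/i.exec(target);
  return { delay: Number(m[1]), target, scheme: s ? s[1].toLowerCase() : null };
}

// Return a list of findings for headers received when fetching an <img> source.
// An image response has no legitimate reason to carry a Refresh header at all.
function assessImageResponse(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  if (!("refresh" in h)) return [];
  const findings = ["refresh-on-subresource"];
  const r = parseRefresh(h.refresh);
  if (!r) return findings.concat("unparseable-refresh");
  if (r.scheme === "data") findings.push("refresh-to-data-url");
  if (/internet-shortcut/i.test(r.target)) findings.push("internet-shortcut-payload");
  return findings;
}

// Mitigation for an image proxy: relay the image without the Refresh header.
function stripRefresh(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(([k]) => k.toLowerCase() !== "refresh"));
}

// Constructed sample, built from the header quoted in the article.
const SAMPLE_HEADERS = {
  "Content-Type": "image/png",
  "Refresh": "0; url=data:application/internet-shortcut," +
             "[INTERNETSHORTCUT]%0D%0AURL=http://evil.com/",
};

console.log(assessImageResponse(SAMPLE_HEADERS));
console.log(stripRefresh(SAMPLE_HEADERS));
```
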