Opera update nixes critical flaws
Published: 2008-08-21

Browser maker Opera released an update to its software on Thursday, closing serious security vulnerabilities in the versions of its software for Windows, Mac, Linux and other operating systems.

The patch, which upgrades the Opera browser to version 9.5.2, closes 5 holes in Opera for Mac OS X, 6 holes in the Linux version and 7 holes in the version for Windows. The most critical flaw -- labeled "extremely severe" by Opera -- is a vulnerability that affects only Windows and could give an attacker the ability to remotely run a program by crashing Opera through an external application call, the software maker said in an advisory.

The software maker also fixed a "highly severe" flaw on all three platforms that could have allowed a malicious Web site to overwrite the content in a frame.

"Scripts are able to change the addresses of framed pages that come from the same site," the company stated in an advisory. "Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to open pages from other sites, and display misleading information on them."

In June, the browser maker announced its latest major version, Opera 9.5, adding a number of security-focused features, chief among them technology designed to block the downloading and execution of malicious code. The browser utilizes technology from start-up Haute Security, a company founded by four Microsoft employees, to block malicious pages from running code.

Opera users will automatically be notified of the latest update, but will have to download and install the software manually.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
Copyright 2009, SecurityFocus