More web browser security issues. Opera this time...


« More news on the IE security flaw | Main | Free Antivirus Software Security Problems »

12/19/2008



More web browser security issues. Opera this time...

Kevin R. Smith
Co-Editor


Just when you thought it was safe to go back in the water after the last round of security alerts and news on Internet Explorer trojan vulnerabilities, Opera announced they have some bugs of their own to take care of, too, in versions prior to 9.63 of the web browser.

To date Opera has had one of the finest track records of computer security for any web browser. It also has a great reputation for reliable rendering and for overall speed and stability, but as with all software at any price, there are bugs.

In this particular case, there are several Opera security vulnerabilities. They range in severity from "Highly severe" to "Extremely severe" and cover the following issues:

Vulnerability   Rating   Details
Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. Extremely Severe Text input manipulation, ID 920
HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. Extremely Severe HTML parsing, ID 921
Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. Highly Severe Long hostnames in file, ID 922
Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. Highly Severe News feed script injection, ID 923
Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team. Highly Severe Cross-site scripting (XSS), ID 924
Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. (Details to follow "at a later date".) N/A N/A


We salute Opera for their speedy response and (nearly) full disclosure, and lest it go unsaid, take a second to be certain you're up-to-date on your antivirus firewall software

Here are Opera's complete details of Opera 9.63 fixes.

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a0133f40d81f4970b0134876491fd970c

Listed below are links to weblogs that reference More web browser security issues. Opera this time... :

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.