More web browser security issues. Opera this time...
Just when you thought it was safe to go back in the water after the last round of security alerts and news on Internet Explorer trojan vulnerabilities, Opera announced they have some bugs of their own to take care of, too, in versions prior to 9.63 of the web browser.
To date Opera has had one of the finest track records of computer security for any web browser. It also has a great reputation for reliable rendering and for overall speed and stability, but as with all software at any price, there are bugs.
In this particular case, there are several Opera security vulnerabilities. They range in severity from "Highly severe" to "Extremely severe" and cover the following issues:
|Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII.||Extremely Severe||Text input manipulation, ID 920|
|HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos.||Extremely Severe||HTML parsing, ID 921|
|Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain.||Highly Severe||Long hostnames in file, ID 922|
|Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom.||Highly Severe||News feed script injection, ID 923|
|Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team.||Highly Severe||Cross-site scripting (XSS), ID 924|
|Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. (Details to follow "at a later date".)||N/A||N/A|
We salute Opera for their speedy response and (nearly) full disclosure, and lest it go unsaid, take a second to be certain you're up-to-date on your antivirus firewall software
Here are Opera's complete details of Opera 9.63 fixes.
TrackBack URL for this entry:
Listed below are links to weblogs that reference More web browser security issues. Opera this time... :
The comments to this entry are closed.