Opera update draws the curtain on seven security vulns
Print storyKeeping schtum on XSS bug details, though
Posted in Spyware, 21st August 2008 13:57 GMT
Free whitepaper – Securing your Apache web server with a Thawte digital certificate
Opera users should upgrade their browser software following the discovery of multiple security bugs.
Version 9.5.2 of the Windows version of the software fixes seven vulnerabilities, including a startup crash that creates a means for hackers to inject hostile code on certain systems (details here). There's also a fix for a cross-site scripting (XSS) bug, details of which Opera is withholding.
XSS flaws, in general, allow hackers to present the content of third party sites under their control in the context of a site they wish to impersonate. The approach is therefore useful in phishing attacks or other similar scams.
The Norwegian firm has published links to advisories about the other six security fixes. The latest version of the browser includes numerous stability and performance improvements as detailed in Opera's release notes here.
An overview of the vulnerabilities can be found in an advisory by security notification firm Secunia here. ®
The business case for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Server-gated cryptography
Airport insecurity: the case of lost laptops
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive