The Register®

Original URL: http://www.theregister.co.uk/2008/10/10/opera_update/

Opera update quietly fixes bug brace

Shh, we're guarding against 'severe' vulns

By John Leyden

Posted in Enterprise Security, 10th October 2008 10:18 GMT

Opera has patched a brace of critical vulnerabilities with the release of the latest version of its web browser.

The release notes (http://www.opera.com/products/desktop/new/) accompanying Opera version 9.60 focused on features such as speed improvements and a cleaner layout for feeds. But underneath the bonnet, a couple of security vulnerabilities have been patched.

Firstly, the improper validation of URLs left users of earlier versions of the browser at risk (http://www.opera.com/support/search/view/901/) from code injection attacks. The bug was unearthed by security firm Matasano. More details on the implications of the bug can be found in a bug entry here (http://www.matasano.com/log/1182/i-broke-opera/).

The second flaw (http://www.opera.com/support/search/view/902/) involves the unsafe storage of cached Java applets, which created a possible mechanism for hackers to harvest sensitive information.

A quick overview of the flaws can be found in an advisory by security clearing house US CERT here (http://www.us-cert.gov/current/index.html#opera_releases_version_9_6). ®