Original URL: http://www.theregister.co.uk/2008/10/10/opera_update/
Opera update quietly fixes bug brace
Shh, we're guarding against 'severe' vulns
Posted in Enterprise Security, 10th October 2008 10:18 GMT
Free whitepaper – Assuring application service quality
Opera has patched a brace of critical vulnerabilities with the release of the latest version of its web browser.
The release notes [1] accompanying Opera version 9.60 focused on features such as speed improvements and a cleaner layout for feeds. But underneath the bonnet, a couple of security vulnerabilities have been patched.
Firstly, the improper validation of URLs left users of earlier versions of the browser at risk [2] from code injection attacks. The bug was unearthed by security firm Matasano. More details on the implications of the bug can be found in a bug entry here [3].
The second flaw [4] involves the unsafe storage of cached Java applets, which created a possible mechanism for hackers to harvest sensitive information.
An quick overview of the flaws can be found in an advisory by security clearing house US CERT here [5]. ®