Opera 10.10 Plugs Extremely and Highly Severe Security Holes
Article by George Norman
On 24 Nov 2009
The Opera Software team recently announced the release of Opera 10.10 as a final, stable software application. The most interesting thing about Opera 10.10 is that it has Opera Unite built-in. Thanks to Opera Unite users can turn their computer into a web server; they can for example share photos online or stream music to a mobile phone, game console or anther computer. As CEO Jon von Tetzchner sees it, Opera Unite helps the company deliver its promise to reinvent the web – promise Opera made when it first announced Opera Unite.

“We promised Opera Unite would reinvent the Web. What we are really doing is reinventing how we as consumers interact with the Web. By giving our devices the ability to serve content, we become equal citizens on the Web. In an age where we have ceded control of our personal data to third-parties, Opera Unite gives us the freedom to choose how we will share the data that belongs to us,” commented Jon von Tetzchner.


If Opera Unite is not enough to push you to update to version 10.10, here is something that just might – the 10.10 update fixes a extremely severe and a highly severe security vulnerability. For security reasons at lest, you should update your Opera browser to version 10.10.

The extremely severe vulnerability refers to a heap overflow in string to number conversion. When Opera uses JavaScript to parse very long strings through the string to number conversion, it may lead to heap buffer overflow. Most times this will result in Opera freezing or terminating. In some instances Opera will crash – if someone with malicious intent could get Opera to crash in this manner, then it could lead to remote code execution. Additional techniques will have to be used to inject code though.

The highly severe vulnerability refers to error messages that can leak to unrelated sites. Normally, scripting error messages are available only to the page that caused the error. In some instances these error messages could be passed to other sites – which is an issue if the error messages contain sensitive information. This vulnerability could be used for cross-site scripting. The upside is that the vulnerability only affects installations where stacktraces for exceptions are enabled (they are not enabled by default).

It should be noted that Opera 10.10 also fixes a moderately severe issue uncovered by Google Security Team member Chris Evans. Details on this vulnerability are being withheld for the time being. Opera Software announced it would disclose them “at a later date”.

Tags: Opera Software, Opera 10.10, Opera Unite, Security
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Opera 10.10 Plugs Extremely and Highly Severe Security Holes
HTML Linking Code