Opera 9.63 Security Update, Switching Focus from Opera 10 Alpha 1
Now that Opera 10 Alpha 1 is already out there, and it is impressive if you consider the Acid3 tests alone, the development team at Opera Software has issued Opera 9.63, an update that is meant to address a few critical security holes in the browser. If you are an Opera fan and you are the kind of user that is security oriented, then you must know that the recent Opera 9.61 and Opera 9.62 updates were also meant to plug some security holes.
The problems within Opera 9.61 were fixed by Opera 9.62, but according to security researcher Aviv Raff, some bugs slipped by – queue in Opera 9.63 and its Opera Presto 2.1.1 engine. A total of 7 issues have been solved with the recent Opera 9.63 update:
- The extremely severe vulnerability that caused a buffer overflow when certain text-area contents were manipulated. This lead to arbitrary code execution on the targeted machine.
- The extremely severe vulnerability that caused an unexpected DOM change when handling certain HTML constructs. This lead to the browser crashing.
- The highly severe vulnerability that caused a buffer overflow when handling very long URLs. This lead to arbitrary code execution on the targeted machine.
- The highly severe vulnerability that allowed an attacker to subscribe the user to malicious feeds and also view the feeds the users is subscribed to. This problem occurred because Opera until now did not correctly block scripted URLs when previewing news feeds.
- The highly severe vulnerability that caused the built-in XSLT templates to handle escaped content in an incorrect manner and consequently treat it as markup. This could allow an attacker to inject scripted markup which would be executed in the web page’s security context.
- Random data no longer can be revealed.
- Java and plug-in content can no longer be executed by means of <img> tags in embedded SVG images.
The bottom line is this: if you want to stay protected (as you may have noticed most of the vulnerabilities are rated highly critical and extremely critical) it is vital that you upgrade your Opera browser.
The problems within Opera 9.61 were fixed by Opera 9.62, but according to security researcher Aviv Raff, some bugs slipped by – queue in Opera 9.63 and its Opera Presto 2.1.1 engine. A total of 7 issues have been solved with the recent Opera 9.63 update:
- The extremely severe vulnerability that caused a buffer overflow when certain text-area contents were manipulated. This lead to arbitrary code execution on the targeted machine.
- The extremely severe vulnerability that caused an unexpected DOM change when handling certain HTML constructs. This lead to the browser crashing.
- The highly severe vulnerability that caused a buffer overflow when handling very long URLs. This lead to arbitrary code execution on the targeted machine.
- The highly severe vulnerability that allowed an attacker to subscribe the user to malicious feeds and also view the feeds the users is subscribed to. This problem occurred because Opera until now did not correctly block scripted URLs when previewing news feeds.
- The highly severe vulnerability that caused the built-in XSLT templates to handle escaped content in an incorrect manner and consequently treat it as markup. This could allow an attacker to inject scripted markup which would be executed in the web page’s security context.
- Random data no longer can be revealed.
- Java and plug-in content can no longer be executed by means of <img> tags in embedded SVG images.
The bottom line is this: if you want to stay protected (as you may have noticed most of the vulnerabilities are rated highly critical and extremely critical) it is vital that you upgrade your Opera browser.
