Opera 11.60 fixes security bugs
Version 11.60 of Opera has been released and closes three security holes in the web browser. Code-named "Tunny", the update addresses a vulnerability affecting some two- and three-letter top-level domains (TLD) that could allow cookies to be set for the TLD itself; these cookies could then be read by other sites using that TLD. A problem related to a weakness in the SSL v3.0 and TLS 1.0 specifications which could be used for eavesdropping attacks against some applications, and a cross-domain information leakage problem in the JavaScript "in" operator, have also been fixed.
In addition to the security fixes, Opera 11.60 has a new HTML engine that should, according to its developers, improve loading time for a majority of web sites, including pages using Secure Sockets Layer (SSL) encryption technology. Other changes include a completely revamped built-in mail client (M2) that's said to be easier to setup and use, and improvements to the address (URL) field to allow users to quickly add their favourite sites to the browser's Speed Dial.
Further information about this release can be found in the Windows, Mac and Unix change logs, as well as in the security advisories. Opera 11.60 is available to download for Windows, Mac OS X, Linux and FreeBSD.
See also:
- Pages can set cookies and communicate cross-site for some top level domains, an Opera security advisory.
- A weakness in the SSL v3.0 and TLS 1.0 specifications can allow eavesdropping attacks against some applications, an Opera security advisory.
- JavaScript "in" operator allows leakage of cross-domain information, an Opera security advisory.
(crve)