Opera 11.61 fixes XSS vulnerability
Opera 11.61 addresses a "high" severity cross-site scripting (XSS) vulnerability that could be exploited by an attacker to bypass the same origin policy. A second issue, rated as "low" severity, in which remote pages could detect what local files a user has on their local machine, has also been fixed. Changes that are not related to security include an update to the default Speed Dials as well as fixes for the built-in email client and a number of bugs that caused the application to crash.
More details about the update can be found in the Windows, Mac and UNIX change logs, as well as the security advisories. Opera 11.61 is available to download for Windows, Mac OS X, Linux, FreeBSD and Solaris.
- Script events can be used to reveal the presence of local files, an Opera security advisory.
- Manipulation of framed content can allow cross-site scripting, an Opera security advisory.