In association with heise online

21 August 2008, 11:37

Opera 9.52 fixes many holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Opera version 9.52 fixes a number of security holes, at least two of which could be maliciously exploited. This includes an issue on Windows when Opera is registered as a protocol handler for an unspecified protocol, Opera would crash allowing for code injection, and an issue where external applications started from custom short cuts or menus, could have start-up parameters written into uninitialised memory. The latter issue requires significant user interaction to execute an attack, but worked on Windows, Linux, FreeBSD and Solaris.

Other updates include stopping new website content being loaded into existing frames, where phishers could get a pop-up window to load content in an existing window. There was also spoofing potential when subscribing to news feeds, which caused the wrong page address to be displayed. Versions before 9.52 also allowed feed links to refer to local files, allowing malicious sites to collect data on the presence of files. Other issues resolved include a new cross-site scripting vulnerability and a bug in the display of security information generated by insecure web pages.

As well as the security issues, Opera 9.52 fixes a large number of non-security issues, increasing its stability. The Opera developers recommend that users install this update, which is available for Windows, Linux, Solaris, Mac and FreeBSD.

See Also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-736981
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit