In association with heise online

19 October 2011, 16:56

Opera closes SVG hole - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Opera logo An update to the Opera web browser, version 11.52, closes the critical hole in the code for processing SVG content within framesets. With this measure, the browser developers have responded to the hole only days after an exploit was released.

Earlier, the developer who discovered the security hole had complained that he had already submitted the relevant information to Opera almost a year before. When the latest version still remained vulnerable, the developer said that he decided to release the details and the exploit. Opera's security advisory contains no further information. However, the change log at least reveals that the new version also fixes a few other minor problems.

Update: A blog post from Opera's security group details their view of events. They confirm that they recieved information about the bug, but that it was only reproducable on older versions of the browser, not current versions. They say that they contacted the researcher asking if it was exploitable on current versions but got no response – up until the publication of the current exploit.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit