Opera fixes security holes
The developers of the Norwegian Opera web browser have released Version 9.25. Four security holes have been fixed, in addition to a bug as a result of which malformed BMP files could cause the browser to freeze.
An issue with TLS certificates in older versions of the browser could be used to execute arbitrary code. Plug-ins could be used to allow cross domain scripting. The company is not releasing any detailed information on these vulnerabilities at the moment but says it will do so at a later date.
Further, by using the designMode in rich editing with the built-in rich text format editor, Web pages could inject script code from other domains into Web pages. Another vulnerability, which has not yet been fully explained, allowed bitmaps to reveal arbitrary data from memory.
Although no details are known about the TLS vulnerability, which apparently allows an attacker to infiltrate and execute arbitrary code via manipulated servers, Opera users should update to the current 9.25 version as soon as possible. The new release for Windows, Mac OS X, Linux, FreeBSD and Solaris is available for download now.
- Changelog for Opera 9.25 for Windows, summary of the changes in Opera 9.25
- Rich editing allows cross domain scripting, Opera security advisor
- Opera 9.25 download