Opera web browser 10.6 update closes critical vulnerability
Opera Software has announced the release of version 10.63 of its Opera web browser, a security and stability update that addresses five vulnerabilities, one of them rated as critical. According to the developers, the latest stable release addresses a critical issue in the browser that allows cross-site scripting (XSS) attacks to take place that could lead to the execution of arbitrary code on a user's system. For an attack to be successful, a victim must simply visit a specially crafted page.
Various stability problems, such as a bug that would cause the browser to use 100% of a system's CPU at start-up, have also been fixed. Other changes include updates that improve Opera Unite Messenger and Opera Link reliability. The developers advise all users to upgrade.
Further information about the browser security update can be found in a post on the Opera Blog and in the change logs (Windows, Mac OS X, Unix). Opera 10.63 is available to download for Windows, Mac OS X and Linux from the company's site. Existing users can upgrade using the built-in update function.
As previously reported, the 10.6x branch will be the last release with support for the PowerPC architecture. According to Opera Developer Daniel Aleksandersen, the company is dropping support for the processor technology as only 0.1% of Opera users still use PowerPC-based systems.
- Reloads and redirects can allow spoofing and cross site scripting, security advisory from Opera.
- Cross-domain checks may be bypassed, allowing limited data theft using CSS, security advisory from Opera.