In association with heise online

03 April 2008, 15:07

Security holes in Opera closed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Version 9.27 of the Opera fixes a number of vulnerabilities that attackers could use to inject malicious code. The new version is also claimed to be more stable than its predecessors.

Security expert Michal Zalewski has reported two vulnerabilities in Opera. One can be triggered by newsfeeds embedded in web sites. A script on the web site can manipulate the source of the newsfeed so that Opera crashes and may execute injected code. The second vulnerability can be exploited by attackers using HTML canvas elements which, by means of unspecified image scaling functions, can also cause the browser to crash and execute injected code. A further security-related change relates to the treatment of passwords input via the keyboard. Here, too, the developers of Opera give no detailed explanation of the error.

Version 9.27 is also claimed to run more stably during BitTorrent transmissions, and it has shown improved stability under the Acid3 test. The current version can be downloaded now from the Opera web sites. Users of the browser should run the update as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit