EvilSeph
Administrator
Opera Software ASA has just released an important security update for version 9 of their browser, Opera. This update addresses a few security issues in previous builds of version 9 of Opera.
For those of you not aware of what Opera is, it is an alternative browser choice to Internet Explorer, Firefox, Safari etc. The main difference between Opera and the rest of the browsers is that Opera provides everything you need to browse the web safely, securely, efficiently and with speed. Unlike most browsers that require extensions to get extra functionality like an IRC client and Mail client, Opera provides that all for you right out of the box.
Although this should be the case with all updates, this one comes recommended by Opera ASA.
Changelog:
General
- Opera 9.63 incorporates the Opera Presto 2.1.1 user agent engine.
- Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. See our advisory.
- HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. See our advisory.
- Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. see our advisory.
- Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. See our advisory.
- Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team. See our advisory.
- Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
- SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans.
