The Mac Security Blog

opera

Opera Update Fixes Cross-Scripting Vulnerability

The Opera web browser has been updated to fix a high-risk cross-scripting vulnerability, as well as a low-risk JavaScript issue. Version 11.61 also improves stability. In addition, Opera has added an auto-update mechanism. When launching version 11.60, users see an upgrade notice with the message, “You will never have to upgrade manually again, because the newest version of Opera contains an auto-update mechanism.”

Opera Security Update Plugs Critical Hole

Opera has released a security update to the company’s web browser, patching a critical vulnerability whereby certain framesets can lead to memory corruption. The current version of the program, Opera 11.11, is available via the program’s auto-updater, or from the Opera website.

Opera Updates Browser for Critical Vulnerabilities

Opera has updated its web browser to version 11.01, fixing a number of bugs, and correcting five security vulnerabilities, one of which the company considers critical. The critical flaw involves “Large form inputs [that] can allow execution of arbitrary code,” and is described as:

When certain large form inputs appear on a web page, they can cause Opera to crash. In some cases, the crash can lead to memory corruption, which could be used to execute code. To inject code, additional techniques will have to be employed.

In addition, the latest version of Opera enables Mac OS X file quarantine. This feature sets a flag on downloaded files so that the Finder can alert users, when they open such a file, that it was downloaded from a web site.



Opera is available here, and is a 13.2 MB download.

Opera Web Browser Update Features Secret Security Fixes

In the security business, it’s generally the rule to publish information about security patches: what they fix, or at least the type of threat that has been mitigated. Opera has updated its web browser, and their changelog for the latest version lists several security issues, but some of their descriptions read,

Fixed an extremely severe issue; details will be disclosed at a later date.
Fixed a moderately severe issue; details will be disclosed at a later date.
Fixed a less severe issue; details will be disclosed at a later date.

This is quite odd, but it seems that these issues may also affect other browsers. In a Cnet article, Opera spokesman Thomas Ford “explained that this was because of responsible disclosure practices, contingent upon agreements with each individual security researcher, and that other browser publishers may not have yet had time to patch their browsers.” So we may be dealing with issues that pose threats to other browsers, which may need to be updated as well. We’ll keep you posted.

In the meantime, if you use Opera, make sure you download the latest version.

Opera Updated for “Extremely Severe” Flaw

Opera Software has issued an update for its eponymous browser. There was an “extremely severe” flaw in the code, as described here:

Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed.

Opera has been updated to version 10.53, and users can download a new version here.