Opera has released a new version of its Opera web browser. Among other changes, version 9.60 also contains patches for two vulnerabilities.
The first vulnerability makes it possible to execute arbitrary code on the target system using specially crafted addresses. If a malicious page redirects Opera to a specially crafted address (URL), it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page.
The other vulnerability, related to Java applets, makes it possible to read sensitive information. Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally restricted actions. These files could contain sensitive information, which could then be sent to the attacker.
Opera users are advised to update to version 9.60.
Changelogs can be found here.
More information on the vulnerabilities:
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/
http://www.securityfocus.com/bid/31631
http://www.securityfocus.com/bid/31643
http://www.matasano.com/log/1182/i-broke-opera/
Thursday, October 9, 2008