Wednesday, October 22, 2008

Opera Patches Vulnerabilities

Opera Software has released updated version of its Opera web browser. New version fixes three vulnerabilities.

The first vulnerability makes it possible for an attacker to inject Javascript code into browsing history search page making it possible to look through the user's browsing history, including the contents of the pages user has visited.

The second vulnerability makes it possible to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

The third vulnerability is related to an incomplete blocking of Javascript code while previewing news feed. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.

Opera users with version below 9.61 are instructed to update their browsers to the latest version.

No comments: