Three vulnerabilities have been identified in popular web browser Opera.
First, if a user has configured Opera to use an external newsgroup client or email application, a specially crafted web page can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code.
Second, when accessing frames from different web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, a script of the attacker’s choice can run in the context of the target site.
Both of the above issues are present in Opera for Desktop prior to version 9.24.
Third, a security issue in Adobe Flash Player 9.0.47.0 and earlier running in Opera on Mac OS X has been found. Details about the vulnerability will be disclosed at a later date.
All three vulnerabilities are fixed in Opera version 9.24, so anyone not already running that version should upgrade now.
As far as web browser vulnerabilities are concerned, Opera users are probably much safer than those who run Microsoft® Internet Explorer®. However, the Opera user base is still certainly large enough to attract exploits, so Opera is no exception to the rule of keeping one’s software updated.
Have you been affected by a software vulnerability? How could they be avoided? Please leave your comments!
External links:
Post a Comment