Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - Opera 9.6.3 released with security fixes InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Opera 9.6.3 released with security fixes

Published: 2008-12-17
Last Updated: 2008-12-17 16:45:20 UTC
by donald smith (Version: 1)
0 comment(s)

Is this browser patch day?
We have a patch coming out for IE today.
http://isc.sans.org/diary.html?storyid=5506
Firefox released an upgrade yesterday that addressed several security issues
http://isc.sans.org/diary.html?storyid=5506
Opera has released a new version to address security issues.
http://www.opera.com/docs/changelogs/windows/963/
Opera 9.63 was just released. It addresses the following security issues.
Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII.
HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos.
Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain.
Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom.
Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team.
Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas.
SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans
.

0 comment(s)
Diary Archives