eWeek Security Watch
Advertisement
Advertisement
December 19, 2007 3:38 PM

Opera Sings the Patching Blues



opera_logo.gif Alternative browser maker Opera Software has released a "highly critical" update to fix a batch of potentially serious security vulnerabilities.

According to a Secunia advisory, the bugs can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a user's system.

The skinny, from Opera's documentation:

  • An error can be exploited via certain plugins to conduct cross-domain scripting attacks.

  • An error within the processing of TLS certificates can be exploited to execute arbitrary code.

  • An error within Rich text editing when using designMode can be exploited to conduct cross-domain scripting attacks.

  • An error within the processing of bitmaps can be exploited to disclose the contents of random memory areas.

    • Opera users are strongly advised to update to Version 9.25.

    Posted by Ryan Naraine on December 19, 2007 3:38 PM

    | Comments (0) | del.icio.us | digg.com | Trackback | Post a Comment
    TrackBack

    TrackBack

    http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/12286

    Post a Comment

     
     
    RSS Syndication

    Security News

    Advertisement

    TLD regulation

    Adware

    Android

    Apple

    Applications Whitelisting

    AV tools

    Backdoor

    BlackBerry

    Blacklisting

    Blended attack

    Botnet CnCs

    Botnets

    Browsers

    CAG

    China

    Cisco

    click fraud

    Cloud computing

    Conficker

    Corporate espionage

    Cyber-war

    Data Breach

    Data Security

    Data securityAdd category

    Database security

    DDoS

    Disaster Planning

    domain registration abuse

    e-banking fraud

    eBay

    Enterprise security strategy

    Ethical hacking

    Exploits and Attacks

    Facebook

    File-sharing

    Flaws

    Google

    Government standards

    Hactivism

    ID theft

    Identity fraud

    Identity Theft

    iframe

    Illegal pharmacies

    Industry events

    Infrastructure security

    Internet regulation

    Intrusion Detection/Prevention

    iPhone

    ISPs

    Java

    MAAWG

    Malware

    Malware toolkits

    Mergers and Acquisitions

    Messaging security

    Microsoft

    Microsoft Windows

    Mobile malware

    multimedia

    NIST

    Online malware

    Open Source

    Oracle

    Patches

    Phishing and Fraud

    PowerPoint

    Privacy

    Product Reviews

    Products

    Regulation

    Risk Management

    Rogue AV

    Rootkits

    RSA Security Conference

    Russia

    SaaS

    SCADA

    Search

    SEO

    SEO poisoning

    Smartphone security

    Social engineering

    Social networking

    Spam

    SQL injection

    Trojan attacks

    Twitter

    video games

    Virus and Spyware

    Vulnerability Research

    Web 2.0

    Windows 7

    YouTube

    Advertisement
    Security Watch     Contact Us | Advertise | Site Map
    eWEEK Quick LInks

    Security:
    Enterprise Security
    Network Security
    Infrastructure Security
    How To: Data
    IT Security News
    Cheap Hack Blog
    Security Watch Blog
    Storage:
    Data Storage
    Cloud Storage
    Storage Virtualization
    Network Access Storage
    Storage Reviews
    Data Storage News
    How To: Storage
    Storage Station Blog
    Computing:
    Apple OSX
    Linux Systems
    Windows Vista
    Managed Print Services
    Cloud Computing
    PC Reviews
    Microsoft Watch Blog
    Apple Watch Blog
    Google Watch Blog
    Communications:
    VoIP Solutions
    Wireless Technology
    Messaging Software
    Web Services
    Mobile Applications
    Wireless News
    Mobile Reviews
    Apps & Development:
    Application Development
    SAAS
    Search Engines
    Database Software
    Web 2.0
    IT Project Management
    Emerging Tech Blog
    CIO Insight Blogs
    CIOs

    Vertical Markets:
    Federal Government IT
    Health Care IT
    Finance IT
    Mid-Market
    Channel Partners
    Careers Blog
    Value Added Resellers
    More eWeek Links:
    Tech Knowledge Center
    Tech Newsletters
    Tech RSS Feeds
    White Papers
    Tech Podcasts
    Tech Videos
    Green IT
    eWeek Magazine Subscriptions
    Enterprise Websites:
    ZDE Home
    Baseline
    Channel Insider
    CIO Insight
    eSeminars
    eWeek Mid-Market
    Publish Online
    Web Buyers Guide
    Developer Websites:
    Dev Shed
    DeveloperShed
    ASP Free
    MS DevSource
    SEO Chat
    Codewalkers
    Tutorialized
    Scripts.com
    Dev Mechanic
    Dev Articles
    Web Hosters
    Dev Hardware
    Technology Websites:
    Device Forge
    Desktop Linux
    Linux Devices
    Windows for Devices
    iGrep Search Engine
    PDF Zone
    Linux Watch

    Use of this site is governed by our Terms of Use and Privacy Policy
    Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt, and eWeek Security Watch are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
    eWeek is your best source for the latest Technology News.
    Hosted by Hostway.

    Ziff Davis Enterprise