Opera Fills Security Holes

Wednesday, June 20, 2012 @ 02:06 PM gHale


Security fixes continue as Opera released version 12 of its web browser, which adds a Do Not Track (DNT) feature.

Opera fixed the following security issues with its latest browser: Hidden keyboard navigation that could allow cross-site scripting or code execution; a combination of clicks and key presses that could lead to cross-site scripting or code execution; cross-domain JSON resources that may end up exposed as JavaScript variable data; carefully timed reloads, redirects, and navigation that could spoof the address field; pages that could prevent navigation to a target page, spoofing of the address field; and a “moderate severity issue,” details officials will disclose at a later date.

RELATED STORIES
Opera Release Closes Security Hole
Skype for Linux Security Fix
Skype Alert: Tool can ID IP Address
Top HTTPS Websites Insecure
Hackers Find Global XSS Flaws
XSS Flaw in Skype Shop

In addition, Opera said it was adding a DNT function to its browser. Opera researcher Karl Dubost explained why DNT is important to his company.

“We are both a browser implementer and a service provider. The recently released build will help us to understand the interactions and the issues it might create when a user is activating the DNT: 1 header. We would like to see how implementable the Working Group suggestions are on the server side too. Our social network, My.Opera, and the very useful Opera Mini browser have to be tested against the specification”, he said.

In May, Opera released version 11.64 of the web browser which closed a critical hole that attackers could exploit to inject malicious code into a victim’s system.

Some undisclosed formulations of URLs caused the browser to allocate the incorrect amount of memory for storing the address, the company said.



Leave a Reply

You must be logged in to post a comment.