Opera Fixes Security Holes

Wednesday, December 7, 2011 @ 01:12 PM gHale


Version 11.60 of Opera closes three security holes in the web browser.

Code-named “Tunny”, the update addresses a vulnerability affecting some two- and three-letter top-level domains (TLD) that could allow cookies to set in the TLD itself; other sites using that TLD could then read these cookies.

RELATED STORIES
Looking for a SSL Fix
Targeted Attacks on Rise
Compromise: When to Revoke Certificates
Microsoft Fixes SSL Miscue

That is a problem related to a weakness in the SSL v3.0 and TLS 1.0 specifications which an attacker could use for eavesdropping attacks against some applications, and a cross-domain information leakage problem in the JavaScript “in” operator. The browser maker fixed those vulnerabilities as well.

In addition to the security fixes, Opera 11.60 has a new HTML engine that should, according to its developers, improve loading time for a majority of web sites, including pages using Secure Sockets Layer (SSL) encryption technology.

Other changes include a completely revamped built-in mail client (M2) that’s said to be easier to setup and use, and improvements to the address (URL) field to allow users to quickly add their favorite sites to the browser’s Speed Dial.



Leave a Reply

You must be logged in to post a comment.