December 4, 2016

New Version of Opera Released to Fix Cross-site Scripting Vulnerability

(LiveHacking.Com) – Opera 11.61 has been released, and it is recommended that all users upgrade to the latest version to benefit from the security and stability changes. With regard to security, Opera 11.61 fixes two issues:

  • An issue where manipulation of framed content can allow cross-site scripting.
  • An issue where script events could be used to reveal the presence of local files.

The cross-site scripting issue is the worse of the two and has been given a “High” vulnerability rating. According to the advisory, “pages from unrelated sites should not be able to interact with the contents of each other – known as the same-origin policy. Certain manipulations of framed content, made before loading a target site in a frame, can cause Opera not to correctly apply this restriction. This allows malicious sites to perform cross-site scripting attacks against arbitrary target sites, executing scripts in the context of that target site.”

The other issue, which has a “Low” rating, could let remote web pages detect what types of files a user has on their local machine. The advisory reports that “certain types of HTML elements may behave differently when they attempt to reference local files that exist. The attempt to load the local file will be blocked, but different JavaScript events may fire, allowing the presence of the local file to be detected. The contents of the local file will not be exposed, and the attacker will need to be able to guess the path to the local file in order to check for its existence.”

Other non-security-related changes include an update to the default Speed Dials, fixes for the built-in email client, and stability (crashing) fixes. More details about the update can be found in the Windows, Mac and UNIX change logs. Opera 11.61 is available to download now.
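To find clients that still need the upgrade, the following added example (not part of the original article or of Opera's advisory) scans web or proxy access logs for Opera builds older than 11.61. The log lines, IP addresses and the helper names `opera_version` and `outdated_clients` are constructed for illustration, and the code assumes the User-Agent is the last quoted field of each line.

```python
import re

FIXED = (11, 61)  # first release with both fixes, per the article

# Opera 10 and later freeze the leading token at "Opera/9.80" and report the
# real version in a trailing "Version/x.y" token; older builds use "Opera/x.y".
_VERSION = re.compile(r"\bVersion/(\d+)\.(\d+)")
_LEGACY = re.compile(r"\bOpera[/ ](\d+)\.(\d+)")

# Constructed sample log lines (documentation IP ranges, illustrative UAs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2012:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.60"',
    '192.0.2.11 - - [01/Feb/2012:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61"',
    '192.0.2.12 - - [01/Feb/2012:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0"',
    '192.0.2.13 - - [01/Feb/2012:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Opera/9.64 (X11; Linux i686; U; en) Presto/2.1.1"',
]


def opera_version(user_agent):
    """Return (major, minor) for an Opera User-Agent, None for other browsers."""
    if "Opera" not in user_agent:
        return None
    m = _VERSION.search(user_agent) or _LEGACY.search(user_agent)
    return (int(m.group(1)), int(m.group(2))) if m else None


def outdated_clients(log_lines):
    """Return unique (client_ip, version) pairs for Opera builds below 11.61."""
    found = []
    for line in log_lines:
        quoted = re.findall(r'"([^"]*)"', line)
        if not quoted:
            continue  # not a combined-format line; nothing to inspect
        client = line.split(" ", 1)[0]
        version = opera_version(quoted[-1])
        if version and version < FIXED and (client, version) not in found:
            found.append((client, version))
    return found


if __name__ == "__main__":
    for client, (major, minor) in outdated_clients(SAMPLE_LOG):
        print(f"{client} runs Opera {major}.{minor:02d}, below 11.61")
```

User-Agent strings are client-supplied, so treat the result as an inventory hint and confirm the installed version on the host.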
