Opera, Netscape ship 'critical' browser patches

Summary:Browser makers Opera and America Online (Netscape) have released patches to fix multiple vulnerabilities that expose millions of users to code execution and cross-site scripting attacks.

Browser makers Opera and America Online (Netscape) have released patches to fix multiple vulnerabilities that expose millions of users to code execution and cross-site scripting attacks.

Opera, Netscape ship 'critical' browser patches
The Opera update, rated "highly critical" by Secunia, address two vulnerabilities that can lead to system compromise. All versions of Opera for Desktop prior to Opera 9.24 are affected.

The most serious of the two bugs is an issue that causes Opera to launch external e-mail or newsgroup clients incorrectly.

Opera's warning:

If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code.

The second issue is described as an error when the browser processes frames from different Web sites.

When accessing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site.

Opera users are strongly encouraged to upgrade to version 9.24.

FINALLY, FIXES FROM NETSCAPE

Opera, Netscape ship ‘critical’ browser patches
A new version of America Online's Netscape Navigator browser, previously known simply as Netscape 9, has been released with fixes pulled from Mozilla Firefox.

Netscape, based on Firefox, had been missing patches since Firefox 2.0.0.4. The Firefox code base is now up to Firefox 2.0.0.7.

As is customary, AOL did not release a security advisory or mention any of the security patches for Netscape.

The only clue that the Firefox patches were rolled into this release is this line in the release notes: "Netscape Navigator 9.0 is based on Mozilla Firefox 2.0.0.7."

Topics: Browser

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.