Opera patches seven security flaws

Summary: A new version of the browser has been released as a 'recommended security upgrade', to tackle several flaws, two of them rated 'extremely severe'

Opera has issued an update to its web-browser software to fix seven vulnerabilities, two of them rated by the company as 'extremely severe'.

Opera 9.63, released for download on Tuesday, only applies to Microsoft Windows PCs and is described by the company as a 'recommended security upgrade'.

One of the two most serious flaws tackled by the update could allow an attacker to manipulate text input to cause a buffer overflow, and then execute arbitrary code, meaning that the attacker could take remote control of the computer. The second critical flaw relates to HTML parsing, and means that certain HTML could cause unexpected changes that trigger a crash. An intruder would have to use additional techniques to inject code, Opera said in an advisory.

Three other issues are rated 'highly severe'. Long hostnames in file: URLs could be exploited to cause a buffer overflow, which could be used to execute arbitrary code. However, people would need to be tricked into manually opening a malicious URL for an attack to be launched, Opera said.

The second 'highly severe' vulnerability affects previews of news feeds, and could let an intruder see the contents of a user's feeds. The third vulnerability relates to incorrect handling of escaped content in built-in XSLT templates.

The remaining issues do not carry a severity rating, and relate to a problem that could reveal random data, and an issue with the embedding of SVG images.

Opera users can find more details on the security issues in the release notes for the update.



Colin has been a computer journalist for some 30 years having started in the business the same year that the IBM PC was launched, although the first piece he wrote was about computer audit. He was at one time editor of Computing magazine in London and prior to that held a number of editing jobs, including time spent at the late DEC Compu...
