Opera users, get your browser patching engine ready.
The Norwegian software maker has released version 9.5 as a recommended security and stability update that includes patches for at least three serious security vulnerabilities.
The update, available here for download, patches the following:
Vulnerability #1: When a page address contains certain characters, they can cause the page address text to be misplaced. In some cases, this could make characters be indistinguishable from each other, allowing some site addresses to look like other site addresses.
Vulnerability #2: HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable manipulation can cause Opera to reveal the image data to scripts.
Vulnerability #3: Pages from different sources held on the same parent page should not be able to modify the locations of each other. In affected Opera versions, if a page contains frames from both a trusted but not secured, and an untrusted source, the untrusted page is able to replace the contents of a named trusted frame, causing it to display misleading information. Note that since the untrusted frame could also display misleading information as its own contents, authors of sites containing sensitive information should not place frames from untrusted sources on their pages, without offering the user some means to identify the content as untrusted.
The new version also introduces anti-malware protection (a partnership with Haute Secure), upgraded phishing detection technologies, support for EV (extended validation) certificates, improvements to certificate handling, and a new security notification scheme in the address field.
* Photo credit: andreas Flickr photostream (CC 2.0)