Opera ships security patches, adds malware blocker

Summary:Opera users, get your browser patching engine ready.The Norwegian software maker has released version 9.

Opera issues security patches
Opera users, get your browser patching engine ready.

The Norwegian software maker has released version 9.5 as a recommended security and stability update that includes patches for at least three serious security vulnerabilities.

The update, available here for download, patches the following:

Vulnerability #1:  When a page address contains certain characters, they can cause the page address text to be misplaced. In some cases, this could make characters be indistinguishable from each other, allowing some site addresses to look like other site addresses.

Vulnerability #2:  HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable manipulation can cause Opera to reveal the image data to scripts.

Vulnerability #3:  Pages from different sources held on the same parent page should not be able to modify the locations of each other. In affected Opera versions, if a page contains frames from both a trusted but not secured, and an untrusted source, the untrusted page is able to replace the contents of a named trusted frame, causing it to display misleading information. Note that since the untrusted frame could also display misleading information as its own contents, authors of sites containing sensitive information should not place frames from untrusted sources on their pages, without offering the user some means to identify the content as untrusted.

[SEE: Ex-Softies launch anti-malware startup ]

The new version also introduces anti-malware protection (a partnership with Haute Secure), upgraded phishing detection technologies, support for EV (extended validation) certificates, improvements to certificate handling, and a new security notification scheme in the address field.

* Photo credit: andreas Flickr photostream (CC 2.0)

Topics: Security, Malware

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.