Opera, Netscape ship 'critical' browser patches

Opera, Netscape ship 'critical' browser patches

Summary: Browser makers Opera and America Online (Netscape) have released patches to fix multiple vulnerabilities that expose millions of users to code execution and cross-site scripting attacks.

SHARE:
TOPICS: Browser
4

Browser makers Opera and America Online (Netscape) have released patches to fix multiple vulnerabilities that expose millions of users to code execution and cross-site scripting attacks.

Opera, Netscape ship 'critical' browser patchesThe Opera update, rated "highly critical" by Secunia, address two vulnerabilities that can lead to system compromise. All versions of Opera for Desktop prior to Opera 9.24 are affected.

The most serious of the two bugs is an issue that causes Opera to launch external e-mail or newsgroup clients incorrectly.

Opera's warning:

If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code.

The second issue is described as an error when the browser processes frames from different Web sites.

When accessing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site.

Opera users are strongly encouraged to upgrade to version 9.24.

FINALLY, FIXES FROM NETSCAPE

Opera, Netscape ship ‘critical’ browser patchesA new version of America Online's Netscape Navigator browser, previously known simply as Netscape 9, has been released with fixes pulled from Mozilla Firefox.

Netscape, based on Firefox, had been missing patches since Firefox 2.0.0.4. The Firefox code base is now up to Firefox 2.0.0.7.

As is customary, AOL did not release a security advisory or mention any of the security patches for Netscape.

The only clue that the Firefox patches were rolled into this release is this line in the release notes: "Netscape Navigator 9.0 is based on Mozilla Firefox 2.0.0.7."

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Does this affect firefox/mozilla?

    Do any of these problems affect firefox or moz?
    kraterz
    • not anymore

      Firefox 2.0.0.7 contained fixes for those vulnerabilities. The vulnerabilities were those affecting 'custom' protocols (like 'mailto://' or 'torrent://'). IE7/Vista is somewhat protected from this kind of vulnerabilities; IE7/XP is still 100% vulnerable.

      The vulnerability lies in improperly escaped protocol-specific characters in a query.
      Mitch 74
  • RE: Opera, Netscape ship 'critical' browser patches

    I love Ryan Naraine articles. They're always very informative and complete. Nice work!
    qmlscycrajg
  • FireFox Also Updated to ver 2.0.0.8

    Mozilla issued a similar update today (Oct 19) to FireFox, now in version 2.0.0.8.
    dl9