Opera ships security patches, adds malware blocker


Opera users, get your browser patching engine ready.

The Norwegian software maker has released version 9.5 as a recommended security and stability update that includes patches for at least three serious security vulnerabilities.

The update, available here for download, patches the following:

Vulnerability #1: When a page address contains certain characters, they can cause the page address text to be misplaced. In some cases, this could make characters indistinguishable from each other, allowing some site addresses to look like other site addresses.

Vulnerability #2:  HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable manipulation can cause Opera to reveal the image data to scripts.

Vulnerability #3: Pages from different sources held on the same parent page should not be able to modify the locations of each other. In affected Opera versions, if a page contains frames from both a trusted but not secured source and an untrusted source, the untrusted page is able to replace the contents of a named trusted frame, causing it to display misleading information. Note that since the untrusted frame could also display misleading information as its own contents, authors of sites containing sensitive information should not place frames from untrusted sources on their pages without offering the user some means to identify the content as untrusted.
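The rule behind Vulnerability #2 can be modelled in a few lines. The following is an added example, not Opera's code: a simplified model of the canvas "origin-clean" flag in which the class names, the `tryRead` helper and the sample URLs are all constructed for illustration.

```javascript
// Added illustration: a simplified, constructed model of the canvas
// "origin-clean" rule. Not Opera's code; uses no browser API.
class SecurityError extends Error {}
class ModelImage {
  constructor(src) {
    this.origin = new URL(src).origin; // scheme + host + port
  }
}

class ModelCanvas {
  constructor(pageUrl) {
    this.pageOrigin = new URL(pageUrl).origin;
    this.originClean = true; // a fresh canvas holds no foreign pixels
  }
  // Clean source: a same-origin image, or a canvas that is itself untainted.
  isCleanSource(source) {
    if (source instanceof ModelCanvas) return source.originClean;
    return source.origin === this.pageOrigin;
  }
  drawImage(source) {
    if (!this.isCleanSource(source)) this.originClean = false;
  }
  // A pattern records whether its source was clean when it was created.
  createPattern(source) {
    return { originClean: this.isCleanSource(source) };
  }
  // Filling with a tainted pattern must taint the canvas just as drawImage does.
  fillWithPattern(pattern) {
    if (!pattern.originClean) this.originClean = false;
  }
  getImageData() {
    if (!this.originClean) throw new SecurityError("canvas is not origin-clean");
    return "pixel data"; // stand-in for real pixels
  }
}

// Returns "readable" or "blocked" for one scenario.
function tryRead(pageUrl, imageUrl, usePattern) {
  const canvas = new ModelCanvas(pageUrl);
  const image = new ModelImage(imageUrl);
  if (usePattern) canvas.fillWithPattern(canvas.createPattern(image));
  else canvas.drawImage(image);
  try { canvas.getImageData(); return "readable"; }
  catch (e) { if (e instanceof SecurityError) return "blocked"; throw e; }
}

// Constructed sample URLs; the example hosts are placeholders.
console.log(tryRead("https://site.example/", "https://site.example/a.png", true));
console.log(tryRead("https://site.example/", "https://other.example/a.png", true));
```

The point of the model is that every route by which foreign pixels can reach the canvas, patterns included, has to clear the flag, and that the comparison covers scheme, host and port.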

The new version also introduces anti-malware protection (a partnership with Haute Secure), upgraded phishing detection technologies, support for EV (extended validation) certificates, improvements to certificate handling, and a new security notification scheme in the address field.

  • pathetic article

    Horrible article describing any brand new version of any software. I'm guessing that when IE 8 and Firefox 3 come out after being in beta for 1-2 years... the title will be "Microsoft patches vulnerabilities" and "Mozilla foundation patches Firefox holes?"

    This is a brand new version of Opera after a year of beta status with a ton of new features and a new interface. And all you can say is a bunch of security vulnerabilities have been patched, and oh, btw, a few other features. Bah!
    • Consider your surroundings

      You're reading a security blog, not a browser/feature blog. We concentrate only on the security side of things.

      Ryan Naraine
      • Granted, on your point

        but...how about some indications of how the security features would come into play. I have been using 9.5 all day and have seen nothing referring to Haute Secure, and I cannot find anything in the HELP files or online at Opera.com.

        I have also been using all the Opera releases (including all wide released betas) since revision 8.53 - and again no mention of the above software.

        How about an example of expository writing and letting us know about these implemented features in detail?
  • RE: Opera ships security patches, adds malware blocker

    You make a good point, except that this is only one of 2 mentions of Opera 9.5 on ZD today and the other is nothing more than a poll.
    • RE: Opera ships security patches, adds malware blocker

      You are right! ZDNet blogs are mostly biased towards either their sponsors (MS) (for sponsorship) or where they perceive they would get more hits from their resp. faithful (Google, Apple, MS (again!), Ubuntu & Firefox). Did you check the number of blogs attributed to Firefox? I love both Opera and FF, but jeez, give us a break from the browser speed comparisons! Browser speeds are pretty moot anyway since different factors come into play: browser configuration, number of open tabs, add-ons, etc.
      • <Violin playing in melancholic...

        ...tone in the background.> "Woe is me" he says.

        QUOTE: "...Did you check the number of blogs attributed to Firefox?"

        Spare us the bleeding heart stories! Are you seriously suggesting that ZDNet is somehow forcing or coercing subscribers to write *screeds* of blogs and comments about IE and FF?

        Buddy, you had better get a reality check!

        If ZDNet happens to have a lot of comments about *other browsers* (i.e. IE and FF), in case you hadn't noticed, it's probably because the majority of users (be they ZDNet subscribers or no) use IE or FF.

        So, you can keep your violin player - just don't expect the rest of us to fall for the old "we want more air time" argument.

        The day Opera takes over as the browser with most users world wide, is the day you *might expect* more posts on ZDNet - let alone any other tech site. I foresee a *pretty long wait* for that day.

        "There is no such thing as reality (Per Se), merely what each individual perceives to be real."