Opera plugs browser flaws

Opera released version 8.01 of its Web browser last week with five security patches. The most serious issues are rated "moderately critical" by security monitoring company Secunia, which also discovered some of the problems.

The fixed flaws include an XMLHttpRequest redirect vulnerability and two cross-site scripting bugs, all of which could let an attacker access a victim's files or fake a trusted Web site, according to Secunia.

"Normally, it should not be possible for the XMLHttpRequest object to access resources from outside the domain of which the object was opened. However, due to insufficient validation of server side redirects, it is possible to circumvent this restriction," the advisory said.

Secunia rates the flaw as "moderately critical" and advices users to upgrade to Opera version 8.01, which can be downloaded from the browser manufacturer's Web site.

According to Opera's Web site, version 8.01 "includes security and small bug fixes as well as JavaScript improvements."

Two months after launching Opera 8 for Windows, the company also released the equivalent browser for Apple's Mac OS X 10.2 operating system.

According to Opera, the updated browser is the "most Macintosh-like version ever" because it has improved support for Apple's Human Interface Guidelines and Full Keyboard Access functionality.

Jon von Tetzchner, chief executive of Opera, said Mac users will enjoy using "a full featured browser that is not tied to the operating system... Rather than incurring costly upgrades to your OS to get the newest features, Opera allows Mac users to browse, e-mail, download and chat using one program, requiring minimal system resources due to Opera's small size".