Opera Software Patches Vulnerabilities In Opera 9.64 And Adds Anti-exploitation Mechanisms
Opera Software has shipped a high-priority security patch for its Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks.
The Opera 9.64 upgrade also adds support for DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), two anti-exploitation mechanisms that helps to limit the damage from malware attacks on the Windows platform.
Opera has only released details on one of the three security vulnerabilities: specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code. Opera said the update also fixes an issue where plug-ins could be used to allow cross domain scripting and a third “moderately severe” issue that remains unexplained.
Security changes and improvements in Opera 9.64:
* Fixed an issue where specially crafted JPEG images ccould be used to execute arbitrary code, as reported by Tavis Ormandy of the Google Security Team; see our advisory
* Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by Adam Barth; details will be disclosed at a later date.
* Fixed a moderately severe issue; details will be disclosed at a later date.
* Added support for the following platform-specific features:
o DEP (Data Execution Prevention) in Microsoft WindowsXP® with Service Pack 2 and higher and Microsoft Windows Server 2003® with Service Pack 1
o ASLR (Address Space Layout Randomization) in Microsoft Windows Vista®* Added Untrusted Rootstore Capability:
o Opera downloads only the detailed information about untrusted (blacklisted) certificates when they are encountered
o If download fails for certificate information in the list, Opera considers any certificate matching the ID as untrusted* Added version conditional fetching of certificate dependencies from an online repository
* Fixed a problem downloading the CRL (Certificate Revocation List)
* Fixed a problem that could cause SSL to deadlock in one state, hanging the connection
* Fixed a problem that could cause the incorrect calculation of Certificate IDs
* Implemented Extended Validation (EV) for cross-signed EV Root Certificates not shipped by default
* Implemented preshipping of the Entrust 2048 CA (Certificate Authority)
* Implemented Root Certificate fetching from an online repository when an intermediate matches a certificate in the repository
* Improved support for weak encryption when importing .p12 private certificates
* Prevented security information documents from being written to disk
More on CyberInsecure:
Posts
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.