Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 9th, 2008

Opera Software Fixes Two Security Vulnerabilities In Opera 9.60

Opera Software has released Opera version 9.60 to address two vulnerabilities. The first vulnerability is due to improper validation of URLs. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. If a malicious page redirects Opera to a specially crafted address (URL), it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page.

The second vulnerability is due to unsafe storage of cached Java applets. Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. These files could contain sensitive information, which could then be sent to the attacker.

Opera users should review Opera Advisory and upgrade to version 9.60 as soon as possible.

Share this item with others:

More on CyberInsecure:
  • Extremely Severe Vulnerabilities Patched In Opera Browser
  • Two Severe Flaws In Opera Browser
  • Critical Flaws Patched In Opera 9.61, New Zero-day Vulnerability Remains Unpatched
  • 7 Vulnerabilities, Some Are Extremely Severe, Patched In New Opera 9.52
  • Opera Software Patches Vulnerabilities In Opera 9.64 And Adds Anti-exploitation Mechanisms

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Opera Software Fixes Two Security Vulnerabilities In Opera 9.60

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.