Opera Software Fixes Two Security Vulnerabilities In Opera 9.60
Opera Software has released Opera version 9.60 to address two vulnerabilities. The first vulnerability is due to improper validation of URLs. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. If a malicious page redirects Opera to a specially crafted address (URL), it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page.
The second vulnerability is due to unsafe storage of cached Java applets. Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. These files could contain sensitive information, which could then be sent to the attacker.
Opera users should review Opera Advisory and upgrade to version 9.60 as soon as possible.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.