New version of Opera addresses security issues

by Steve Ragan - Mar 4 2009, 16:35

Opera released version 9.64 on Tuesday, addressing various security issues as well as adding various improvements. The update, labeled a security and stability upgrade, is recommended to all users, as it addresses an “Extremely Severe” vulnerability related to how Opera handles JPEG images.

The top security fix in the latest Opera release was reported by Travis Ormandy, who works with the Google Security Team. The vulnerability corrects a problem where an attacker could use a malicious JPEG image to crash the browser. Once Opera crashes, memory corruption will occur, leading to code execution.

There are two other vulnerabilities corrected with the update, one reported by Adam Barth that fixes an issue that allowed plug-ins to be used in cross domain scripting, and the other, which was not disclosed.

Security related improvements in the new Opera include DEP (Data Execution Prevention) support, Address Space Layout Randomization (ASLR) support for Vista, SSL fixes that correct SSL deadlock, and a modification to the engine that prevents security documents from being written to the disk.

The Opera update is available in the browser or online at www.opera.com.

Around the Web