Opera patches two browser security flaws
It has released an upgrade that addresses the vulnerabilities
TechWorld.com - Opera Software ASA has released an upgrade addressing two serious security flaws involving Macromedia Inc.'s Flash Player and a code execution bug affecting Linux and Unix users.
The first problem relates to Flash Player and was made public earlier this month. Macromedia warned that the bug in Flash Player, a widely used piece of desktop software, could allow attackers to take over a system.
The security research firm co-credited with discovering the bug, eEye Digital Security, said it had demonstrated "reliable exploitation" using the bug in the Internet Explorer browser, but other browsers are also said to be just as open to attack.
Opera's fix arrived this week with Opera 8.5.1, which includes Flash Player Version 7r61.
The release also fixes a problem identified by Secunia Research, involving the shell script used to launch Opera in Linux and Unix environments. The flawed script processes shell commands enclosed in URLs passed to Opera via the command line.
That means an attacker could execute malicious shell commands on a user's system via an innocent-seeming URL in an e-mail message, for example. The command would be executed when the user clicked on the URL and invoked Opera.
The shell script bug doesn't just affect Opera -- it is a variant of a problem with the Firefox browser disclosed in September.
Opera said the update also improves stability when viewing pages with Java for users of Japanese Mac OS X systems.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!