Opera patches two browser security flaws
It has released an upgrade that addresses the vulnerabilities
TechWorld.com - Opera Software ASA has released an upgrade addressing two serious security flaws involving Macromedia Inc.'s Flash Player and a code execution bug affecting Linux and Unix users.
The first problem relates to Flash Player and was made public earlier this month. Macromedia warned that the bug in Flash Player, a widely used piece of desktop software, could allow attackers to take over a system.
The security research firm co-credited with discovering the bug, eEye Digital Security, said it had demonstrated "reliable exploitation" using the bug in the Internet Explorer browser, but other browsers are also said to be just as open to attack.
Opera's fix arrived this week with Opera 8.5.1, which includes Flash Player Version 7r61.
The release also fixes a problem identified by Secunia Research, involving the shell script used to launch Opera in Linux and Unix environments. The flawed script processes shell commands enclosed in URLs passed to Opera via the command line.
That means an attacker could execute malicious shell commands on a user's system via an innocent-seeming URL in an e-mail message, for example. The command would be executed when the user clicked on the URL and invoked Opera.
The shell script bug doesn't just affect Opera -- it is a variant of a problem with the Firefox browser disclosed in September.
Opera said the update also improves stability when viewing pages with Java for users of Japanese Mac OS X systems.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts