Thu, Oct 18 2007 10:54 Don

Opera Releases v9.24 to Fix Security Issues

Advisory: External news readers and e-mail clients can be used to execute arbitrary code

External news readers and e-mail clients can be used to execute arbitrary code.

Severity: Highly Severe

Affected Versions

All versions of Opera for Desktop prior to Opera 9.24.

Problem Description

If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code.

Opera's Response

Opera Software has released Opera 9.24, where this issue has been fixed.

http://www.opera.com/support/search/view/866/ 

.. and ..

Advisory: Scripts can overwrite functions on pages from other domains

Scripts can overwrite functions on pages from other domains.

Severity: Highly Severe

Affected Versions

All versions of Opera for Desktop prior to Opera 9.24.

Problem Description

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site.

Opera's Response

Opera Software has released Opera 9.24, where this issue has been fixed.

http://www.opera.com/support/search/view/867/ 

Filed under: