Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Opera 8.51 released to address critical security exposures

Opera Software Opera 8.51 has been released to address critical security issues. I use this as a complementary browser in addition to IE 6 (XP SP2) and the Mozilla Deerpark beta (Firefox 1.5 RC3). After a couple of days of testing, this new version is working well on my work and home PCs. All Opera users should move to the latest version to ensure they enjoy the best protection possible.

Opera 8.51 for Windows is available for download.

Changes since 8.50

User interface

Added Answers.com search option, with 'a' as keyword to search from address field. The version number of search.ini has not been increased; the change will only be visible in fresh installs.

Security and plug-ins

  • Macromedia Flash version shipped with Opera is now 7r61. Addresses issue reported in Secunia Advisory 17437.
  • Solved severe stability issue when using the Acrobat Reader 7.0.5 plug-in.

Miscellaneous

  • Fixed multiple stability issues.

FrSIRT Critical Advisory Information - Key Security Changes

http://www.frsirt.com/english/advisories/2005/2519

Multiple vulnerabilities were identified in Opera, which could be exploited by attackers to execute arbitrary commands.

The first issue is due to a memory corruption error in Macromedia Flash Player, a third party application redistributed with Opera, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a specially crafted Web page or open a malicious Flash file. For additional information, see: FrSIRT/ADV-2005-2317

The second vulnerability is due to an error where the shell script used in Unix / Linux based environments to launch Opera parses shell commands enclosed within backticks in the URL provided via the command line, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to follow a malicious link in an external program (e.g. Thunderbird or Evolution). This issue is similar to FrSIRT/ADV-2005-1794.
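The launcher-script issue above is a case of a wrapper letting the shell parse a URL argument a second time. The following is an added illustration, not Opera's launcher script and not code from the advisory: `fake_browser`, `launch_unsafe`, `launch_safe`, `url_is_clean` and the sample URL are hypothetical names and constructed data, showing the weak pattern beside the hardened one.

```shell
#!/bin/sh
# Constructed demo: fake_browser stands in for the real browser binary and
# simply reports the argument it received.
fake_browser() {
    printf 'open:%s\n' "$1"
}

# Weak pattern: the wrapper builds a command string and hands it back to the
# shell, so the URL is parsed a second time and `...` is executed.
launch_unsafe() {
    eval "fake_browser $*"
}

# Hardened pattern: arguments are forwarded as quoted data and are never
# re-parsed by the shell.
launch_safe() {
    fake_browser "$@"
}

# Defence in depth for the calling program (mail client, helper script):
# refuse URLs that carry shell command-substitution syntax.
url_is_clean() {
    case "$1" in
        *'`'*|*'$('*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample link; the embedded command is a harmless echo.
SAMPLE_URL='http://example.invalid/`echo INJECTED`'

launch_unsafe "$SAMPLE_URL"   # the embedded echo runs inside the wrapper
launch_safe "$SAMPLE_URL"     # the backticks arrive as literal text

if url_is_clean "$SAMPLE_URL"; then
    echo "url accepted"
else
    echo "url rejected: contains command-substitution syntax"
fi
```

When auditing wrapper scripts for this class of bug, look for `eval`, unquoted `$*` or `$1`, and command strings assembled from arguments; forwarding with `"$@"` removes the second parse.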