Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A new version of the Opera browser closes several security holes that could have enabled an attacker to execute arbitrary code or launch cross-domain scripting attacks.
The new version, dubbed Opera 9.64, fixed an "extremely severe" issue in which specially crafted JPEG images could cause Opera to corrupt memory and crash, leaving it vulnerable to arbitrary code execution, according to the Opera Windows Changelog.
Other issues addressed included a fix for a problem with plug-ins which could be used to enable cross-domain scripting. The details were not disclosed for this, as well as another issue labeled as "moderately severe." Opera promised that details will be disclosed at a later date.
Also, support was added for Data Execution Prevention (DEP) for both Windows XP SP2 (or higher) and Windows Server 2003 SP1.
Starting with this release, Opera on Windows supports "Address Space Layout Randomization (ASLR)," which is available in Vista. Together with DEP, ASLR forms a second line of defense should an application run into a serious fault that would normally cause it to crash.
"Of course that should just not happen in the first place, but you can never completely rule out programming errors," said Claudio Santambrogio, QA Desktop Test Manager at Opera in a blog post. "Depending on the exact nature of the fault, an attacker can sometimes exploit it and try to take over your system. DEP and ASLR make that a lot harder."
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.