Opera Patches Browser Security Holes
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
By Matthew Broersma
Opera Software has released an upgrade addressing two serious security flaws involving Macromedia's Flash Player and a code execution bug affecting Linux and Unix users.
Flash Player Glitch
The first problem relates to Flash Player and was made public earlier in November. Macromedia warned that the bug in Flash Player, one of the most widely used pieces of software on the desktop, could allow attackers to take over a system.he security research firm co-credited with discovering the bug, eEye, said it had demonstrated "reliable exploitation" using the bug in the Internet Explorer browser, but other browsers are also said to be just as open to attack.
Opera's fix arrived this week with Opera 8.5.1, which includes Flash Player version 7r61, fixing the problem. Opera 8.5 was released in the spring.
Linux, Unix Issue
The release also fixes a problem identified by Secunia Research, involving the shell script used to launch Opera in Linux and Unix environments. The flawed script processes shell commands enclosed in URLs passed to Opera via the command line.
That means an attacker could execute malicious shell commands on a user's system via an innocent-seeming URL in an e-mail message, for example. The command would be executed when the user clicked on the URL and invoked Opera.
The shell script bug doesn't just affect Opera--it is a variant of a problem with the Firefox browser disclosed in September.
Opera said the update also improves stability when viewing pages with Java for users of Japanese MacOS X systems.
The Opera browser is gaining popularity as a smaller, lighter version of the open-source tool.
Article submitted by: Webshark
Last Update: 11-30-2005
Category: Security
Opera Software has released an upgrade addressing two serious security flaws involving Macromedia's Flash Player and a code execution bug affecting Linux and Unix users.
Flash Player Glitch
The first problem relates to Flash Player and was made public earlier in November. Macromedia warned that the bug in Flash Player, one of the most widely used pieces of software on the desktop, could allow attackers to take over a system.he security research firm co-credited with discovering the bug, eEye, said it had demonstrated "reliable exploitation" using the bug in the Internet Explorer browser, but other browsers are also said to be just as open to attack.
Opera's fix arrived this week with Opera 8.5.1, which includes Flash Player version 7r61, fixing the problem. Opera 8.5 was released in the spring.
Linux, Unix Issue
The release also fixes a problem identified by Secunia Research, involving the shell script used to launch Opera in Linux and Unix environments. The flawed script processes shell commands enclosed in URLs passed to Opera via the command line.
That means an attacker could execute malicious shell commands on a user's system via an innocent-seeming URL in an e-mail message, for example. The command would be executed when the user clicked on the URL and invoked Opera.
The shell script bug doesn't just affect Opera--it is a variant of a problem with the Firefox browser disclosed in September.
Opera said the update also improves stability when viewing pages with Java for users of Japanese MacOS X systems.
The Opera browser is gaining popularity as a smaller, lighter version of the open-source tool.
Article submitted by: Webshark
Last Update: 11-30-2005
Category: Security
Current rating: 5.58 by 34 users
Would you recommend this article to a friend? |
Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(9,459 reads) 07-05-2008
· Fusion Security(15,132 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,896 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,362 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,870 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,620 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,646 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,376 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,213 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,604 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.