JavaScript Security Bug in Opera
A critical vulnerability has been discovered in the Opera Web browser.
The vulnerability, which has been assigned the CVE ID CVE-2007-4367 could be exploited by attackers to execute arbitrary malicious code. The bug, which has not yet been precisely specified, occurs on executing JavaScript code and can lead to a virtual function being called with an invalid pointer. An attacker would need to trick an Opera user into visiting a carefully crafted website to run the exploit.
Both security professionals Secunia and Opera regard the bug as highly critical. The vulnerability affects all older versions prior to 9.22 independently of the operating system platform. Opera users are advised to update to version 9.23 of Opera which was released yesterday. Besides the fix, the new version also includes stability enhancements. The browser is available from the Norwegian developer's website.
Issue 163/2014
Buy this issue as a PDF
Digital Issue: Price $9.99
(incl. VAT)
Tag Cloud
News
-
KDE Announces Software Compilation 4.13
New release comes with better semantic search and improvements to Kontact.
-
Coverity: Open Source Code has Fewer Defects
Annual code quality report shows FOSS is more secure at all project size levels.
-
An Even Smaller Raspberry Pi
The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
-
Freaky Privilege Escalation Attack
A new class of problems lets a malicious app pre-configure an invisible privilege update.
-
Facebook Rolls Out New PHP-like Programming Language
New Hack language adds static typing and other conveniences.
-
Fedora Announces Innovative Crytography Policy System
New crypto policy system will offer easier configuration and more uniform security.
-
Shuttleworth Calls for Declarative Firmware
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
-
New TLS Attack Takes the S out of HTTPS
Vulnerability affects many Linux web servers
-
Munich Adopts Kolab
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
-
Canonical Announces Ubuntu Smartphones
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.