Advisory 906
Severity: Extremely Severe
Platforms: All desktop versions
When certain parameters are passed to Opera’s History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera’s configuration, allowing them to execute arbitrary code.
Note: There have been public demonstrations of this issue, which have altered Opera’s setup. Upgrading to 9.62 will not restore these settings. If you have opened any of these demonstrations, you may have to restore your settings manually. Typically, the mailto handler has been changed; it can be restored to its correct value using Preferences - Advanced - Programs.
http://www.opera.com/support/search/view/906/
Advisory 907
Severity: Highly Severe
Platforms: All desktop versions
The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.
http://www.opera.com/support/search/view/907/
Opera 9.62 for Windows: Download