Opera
Opera 9.23 released for improved security
Security vendor Secunia today reported a highly critical Javascript flaw in Opera 9.22 and earlier. Fortunately, Opera already knew about the problem and today released a more secure version of Opera, version 9.23. How did they know about it? The Norwegian browser company said it used a tool that was released during this year's Black Hat USA by rival Mozilla, the makers of the Firefox browser.
According to Secunia, the Opera vulnerability is the result of an unspecified error when processing JavaScript code. The error can produce a virtual function call using an invalid pointer. This can be exploited tricking a user into visiting a malicious website executing arbitrary code.
At Black Hat, Mozilla's Window Snyder told me that both Apple and Microsoft were also given copies of the Mozilla Javascript fuzzer as early as May. No word yet whether Apple or Microsoft has used the tool on their own Internet browsers.
Source : CNET
Interview with Opera Software's VP of Engineering
For us, security is largely about architecture, process, and user interface. Architecturally, we might be less prone to certain issues, due to the fact that we have a self-contained browser application with few necessary dependencies to the underlying platform. Process-wise, we might test more diversly than the competition, due to the fact that we release our products on the largest amount of different platforms.
Take a look HERE.
Security vendor Secunia today reported a highly critical Javascript flaw in Opera 9.22 and earlier. Fortunately, Opera already knew about the problem and today released a more secure version of Opera, version 9.23. How did they know about it? The Norwegian browser company said it used a tool that was released during this year's Black Hat USA by rival Mozilla, the makers of the Firefox browser.
According to Secunia, the Opera vulnerability is the result of an unspecified error when processing JavaScript code. The error can produce a virtual function call using an invalid pointer. This can be exploited tricking a user into visiting a malicious website executing arbitrary code.
At Black Hat, Mozilla's Window Snyder told me that both Apple and Microsoft were also given copies of the Mozilla Javascript fuzzer as early as May. No word yet whether Apple or Microsoft has used the tool on their own Internet browsers.
Source : CNET
Interview with Opera Software's VP of Engineering
For us, security is largely about architecture, process, and user interface. Architecturally, we might be less prone to certain issues, due to the fact that we have a self-contained browser application with few necessary dependencies to the underlying platform. Process-wise, we might test more diversly than the competition, due to the fact that we release our products on the largest amount of different platforms.
Take a look HERE.
posted by vanish at 8:55 AM
0 Comments:
Post a Comment
<< Home