Opera fixes critical form-handling flaw

Second act, malicious spies and click-jackers exit stage left

8 Reg comments Got Tips?

Opera has updated its browser to correct a cross-platform vulnerability that created a possible mechanism for hackers to inject malicious code into vulnerable systems.

The critical security bug stemmed from flaws in handling large form inputs, as explained in an advisory by the Norwegian software developer here. Version 11.01 of the browser also addresses two less serious security bugs. The first involves a click-jacking vulnerability and the second involves a privacy flaw that creates a way for operators of malicious sites to spy on a surfer's private files. More discussion on the flaws can be found in a bulletin from Secunia here.

The browser update – for Mac and Unix as well as Windows machines, and released on Wednesday – also includes a number of lesser performance tweaks.

In other patching news this week, VideoLAN project developers have released a new version of VLC Media Player that fixes flaws involving the handling of Real Media and CDG media files. Exploitation would involve tricking a user into opening a maliciously constructed file. More details on the update to the popular open source media player application can be found in an advisory by Secunia here. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

In a world where up is down, it's heartwarming to know Internet Explorer still tops list of web dev pain points

Incompatibilities and inconsistent standards support among browsers ensure an ongoing source of headaches

Azure DevOps Services reminds users that, yes, it really is time to pull the plug on Internet Explorer 11

Ignite Sure, it's still wedged in the OS, but maybe you'd prefer something shiny and Chromier?

We've come to wish you an unhappy birthday: Microsoft to yank services from Internet Explorer, kill off Legacy Edge by 2021

You need to give that plate back to us after you've finished your cake. Yes the fork too. We'll get your coat

Microsoft teases Azure Data Explorer connector for picking its Synapse analytics service's brains

What do you mean you're not on board the Big Data bus?

Nine words to ruin your Monday: Emergency Internet Explorer patch amid in-the-wild attacks

Update browser ASAP after Google gurus spot miscreants abusing bug to hijack PCs

If you never thought you'd hear a Microsoftie tell you to stop using Internet Explorer, lap it up: 'I beg you, let it retire to great bitbucket in the sky'

We say take off and nuke the entire codebase from orbit. It's the only way to be sure

Did you know? Internet money lender Opera also offers a free web browser

Fintech biz's financials hit a high note... as in bank notes

It's Friday, the weekend has landed... and Microsoft warns of an Internet Explorer zero day exploited in the wild

Roundup Plus, WeLeakInfo? Not anymore!

Biting the hand that feeds IT © 1998–2020