The jump from 10.60 to 10.61 is a small, but important one for most users. The update takes care of some vulnerabilities that could allow a total takeover of the machine for Windows users, and there are also a few cosmetic repairs thrown in for good measure.
Opera Software has now made available the 10.61 version of its desktop browser for all three major platforms – Windows, Mac OS and Linux. This one is a minor release so it doesn’t include any new features but it comes with multiple fixes for various bugs and a few vulnerabilities.
– "Fraud Protection" renamed to "Fraud and Malware Protection"
– Relative paths not working in the Filename setting for Speed Dial background
– Premature shutdown when using vBulletin’s WYSIWYG editor
– Loading an animated png causes high CPU usage with no response from the browser
– yahoo.cn mailproviders SMTP entry not using a submission port
– Changing the default cookie preference to "Accept all cookies"
– Installing Opera 10.60 windows overwrites saved search preferences
Display and Scripting
– Google Calendar compatibility
– Unite listening on UDP 1900 even if UPnP service discovery is off
– Several cases where widgets will not run
– Premature shutdown when loading qq.com
– Setting the onload property of XMLHttpRequest blocks document memory from being garbage collected
– Opera treating binary files as plain text (opening it in the browser instead of showing a download dialog)
– Premature shutdown when loading the Canvas demo
– Printing from print preview results in either a freeze or corrupted page
– Widgets not having access to a network after restart
– "Accept cookies" and "only from the site I visit" settings being incorrect in Preferences dialog
– Premature shutdown occurring on startup of Opera under Windows 98
– Disk cache not working correctly in turbo mode
– Fixed an issue where heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc.
– Fixed an issue where unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia.
– Fixed an issue where news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos.
The update was also important enough on Windows that ZDNet’s Ryan Naraine put up a story today, detailing the fixes and their benefits –
The most serious of the three flaw could allow hackers to execute harmful code and take complete control of a target computer, Opera said in an advisory.
Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.
The Opera 10.61 update, available for Windows, Mac and Unix, also fixes the following:
- (Moderate Severity) Tabs may be used to obscure a download dialog that is visible in another tab. The dialog will allow the user to choose to run downloaded executables directly. If the tab is closed or hidden at the moment that a user was about to click, they can end up clicking on the buttons in the dialog, causing the downloaded file to be executed. (See advisory).
- (Low Severity) When Opera is previewing a news feed, certain types of content do not have their scripts removed correctly. These scripts are able to subscribe the user to the feed without their consent. (See advisory).
Opera highly recommends that all affected users download the latest update.
Those of us already on the 10.70 beta schedule have the fixes implemented already, so nothing is to be gained in security by moving to 10.61.
|He who believes in freedom of the will has never loved and never hated.