Opera 9.64 Fixes Security Vulnerabilities

March 3, 2009 – 6:26 AM

Opera 9.64 is a recommended security and stability upgrade, incorporating the Opera Presto 2.1.1 user agent engine. Opera highly recommends all users to upgrade to Opera 9.64 to take advantage of these improvements.

opera

Changes and improvements since Opera 9.63:

Security

  • Fixed an issue where specially crafted JPEG images ccould be used to execute arbitrary code, as reported by Tavis Ormandy of the Google Security Team; see our advisory
  • Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by Adam Barth; details will be disclosed at a later date.
  • Fixed a moderately severe issue; details will be disclosed at a later date.
  • Added support for the following platform-specific features:
    • DEP (Data Execution Prevention) in Microsoft WindowsXP with Service Pack 2 and higher and Microsoft Windows Server 2003 with Service Pack 1
    • ASLR (Address Space Layout Randomization) in Microsoft Windows Vista
  • Added Untrusted Rootstore Capability:
    • Opera downloads only the detailed information about untrusted (blacklisted) certificates when they are encountered
    • If download fails for certificate information in the list, Opera considers any certificate matching the ID as untrusted
  • Added version conditional fetching of certificate dependencies from an online repository
  • Fixed a problem downloading the CRL (Certificate Revocation List)
  • Fixed a problem that could cause SSL to deadlock in one state, hanging the connection
  • Fixed a problem that could cause the incorrect calculation of Certificate IDs
  • Implemented Extended Validation (EV) for cross-signed EV Root Certificates not shipped by default
  • Implemented preshipping of the Entrust 2048 CA (Certificate Authority)
  • Implemented Root Certificate fetching from an online repository when an intermediate matches a certificate in the repository
  • Improved support for weak encryption when importing .p12 private certificates
  • Prevented security information documents from being written to disk

Miscellaneous

  • Fixed a problem which created separate feed notifications; Opera now groups them together
  • Fixed a problem with inline find when no content was entered and the Enter key was pressed
  • Implemented opacity on text styled with hexidecimal color codes
  • Installing an external source viewer no longer requires an Opera restart
  • Installing Opera sets it as the default browser; this may be reset during the install process

Source:
http://www.opera.com/docs/changelogs/windows/964/

  1. 2 Responses to “Opera 9.64 Fixes Security Vulnerabilities”

  2. I want download opera on my computer.

    By Rabi'u on Apr 26, 2009

  3. Rabi,

    The download link is right on the front page:

    http://www.opera.com/

    By manunkind on Apr 26, 2009

You must be logged in to post a comment.