Opera Releases Browser Version 12.13 with Security Fixes and More

Opera released its first web browser upgrade of the year to version 12.13 for Mac OS X and other operating systems, fixing bugs mostly related to arbitrary code execution.

The recommended upgrade offers security fixes and stability enhancements, along with general and User Interface (UI) fixes:

- Fixed an issue where Opera gets internal communication errors on Facebook.
- Fixed an issue where no webpages load on startup if Opera is disconnected from the Internet.
- Fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (e.g., ).

In addition to a number of general and UI issues fixed in this software upgrade, Opera Software resolved two high-severity issues and one low-severity issue. Details of the three security issues are as follows:

An issue where DOM events manipulation might be used to execute arbitrary code:

Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed.

Issues where use of SVG clipPaths can allow execution of arbitrary code:

When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur.

A problem where CORS requests can omit the preflight request:

Cross-Origin Resource Sharing (CORS) requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of their protection against Cross Site Request Forgery (XSRF) attacks.
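
For the CORS preflight issue described above, here is an added example (not from the original article or from Opera) of server-side checks on the actual request that do not depend on the browser having sent a preflight. The header names, origins and token value are constructed assumptions.

```javascript
// Added example, not Opera's or any site's code. Header names, origins and
// token values are constructed assumptions.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Weak check: a static custom header is only a barrier if the browser always
// preflights cross-origin requests that carry it.
function staticHeaderOnly(req) {
  return req.headers["x-requested-by"] === "app";
}

// Comparison that always walks the full length, to avoid leaking the token
// through early-exit timing.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Hardened check: validates the actual request, so it holds even when no
// preflight was sent. A missing Origin is rejected (strict policy, assumed).
function originAndSessionToken(req, session) {
  const origin = req.headers["origin"];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return false;
  if (!session || !session.csrfToken) return false;
  const sent = String(req.headers["x-csrf-token"] || "");
  return constantTimeEqual(sent, session.csrfToken);
}

// Constructed inputs: one session, a cross-site POST that arrived without a
// preflight, and a legitimate same-site POST.
const session = { csrfToken: "constructed-per-session-token-7f3a" };
const crossSiteNoPreflight = {
  method: "POST",
  headers: { origin: "https://other.example.test", "x-requested-by": "app" },
};
const sameSite = {
  method: "POST",
  headers: {
    origin: "https://app.example.test",
    "x-requested-by": "app",
    "x-csrf-token": session.csrfToken,
  },
};

function evaluate(req) {
  return { weak: staticHeaderOnly(req), hardened: originAndSessionToken(req, session) };
}
console.log(evaluate(crossSiteNoPreflight), evaluate(sameSite));
```

The static-header check accepts both sample requests, while the Origin and per-session token check accepts only the same-site one.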