[funsec] Opera patched its browser in secret
Juha-Matti Laurio
juha-matti.laurio at netti.fi
Mon Jan 8 16:22:41 CST 2007
What the Heise Security article reports:
"In both [JPG and SVG] cases, both the Windows and the Linux version of Opera 9.02 are affected, as older versions probably are, too. The change log for Opera 9.10 does not contain any indication of these vulnerabilities in the section on security. Instead, the release seems to have been sold as a cosmetic matter, which may have led a number of users to postpone the update."
The official changelog still has no any information (Security section):
http://www.opera.com/docs/changelogs/windows/910/
It appears that Opera Software only released
http://www.opera.com/support/search/supsearch.dml?index=851
and
http://www.opera.com/support/search/supsearch.dml?index=852
'Last edited: 2007-01-05'
It is the same day when iDefense Labs pushed their advisories out.
Secunia said Highly Critical (4/5) and FrSIRT Critical Risk (4/4).
Not a good sign from Opera to hide the vulnerabilities, when they knew that iDefense will publish the information however.
More at
http://www.heise-security.co.uk/news/83279
- Juha-Matti
More information about the funsec
mailing list