In an effort to keep up to date regarding stability and security, Norwegian Opera upgraded its speedy Web browser to version 9.63. This release also incorporates the Opera Presto 2.1.1 user agent engine. According to its official Web site, this is what they added to their Web application:
Changes Since Opera 9.62:
- Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. See ouradvisory.
- HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. See ouradvisory.
- Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. see our advisory.
- Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. See our advisory.
- Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team. See our advisory.
- Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
- SVG images embedded using
<img>tags can no longer execute Java or plugin content, suggested by Chris Evans.
I’ll be honest to admit that Opera is not my cup of tea. I’ve tried very hard to understand how it works, but no joy. But, I know many people who would not change it for anything in the world. For those Opera zealots I wish then well with this latest upgrade. Good Day.