As of now Opera has released their final version of their browser. Their latest update from 11,10 was mainly aimed at reducing security risks and wide spread reports of specific crashes.
Opera’s 11.11 version change-log includes a list of network and crashing bug-fixes amongst which:
- Crash when reloading page after opening a popup of easy-sticky-note extension
- Google calendar previewing of month view
- Crash when destroying Silverlight instance on vod.onet.pl
- Text on button of the error page in Asian languages being vertically aligned
- Visiting a page with a plug-in that is not installed resets Time Of Last Upgrade Check
- HTTPS url being incorrectly unloaded for application cache urls, especially effecting Opera Dragonfly
- Fast forward being broken on google.com
Opera, as other software manufactures are more frequently being put under immediate pressure as soon as software sites such as Softpedia and download.com distribute their product across the web in massive numbers. This obviously in the interest of the software houses but simultaneously create the obligation to come up with immediate fixes. In Opera’s case, this was to close up the ifame security vulnerability gap, which allowed for code to be injected to infect the desktop machine by sites using iframes to load scripting through the browser.
The fix Opera describes as follows:
Advisory: Frameset issue allows execution of arbitrary code
Severity: Critical
Description: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional techniques will have to be employed.
Opera’s response: Opera Software has released Opera 11.11, where this issue has been fixed.
About the Iframe arbritary code
For web designers this bug has been quite the night mare over the last few years, client’s web sites being infect through as easy as a single FTP session. How iframe infections work is as follows (well, one way we know of) on loading of a page it downloads a Trojan downloader, so initially the threat often go passed unnoticed by scanners.
The actual trojan virusses, often more than one, will infect ALL html files on the desktop machine. Mind you this includes all the help files from windows itself as well. When uploading any of these html files to a server, for instance when updating your own website, the entire server can be infected and eventually taken over completely, and the circle start all over again.
