Opera plugs six security holes in latest version of web browser

Opera added a do-not-track feature to the latest version of its web browser
Opera added a do-not-track feature to the latest version of its web browser

Opera has fixed the following security issues with its latest browser: hidden keyboard navigation that could allow cross-site scripting or code execution; a combination of clicks and key presses that could lead to cross-site scripting or code execution; cross-domain JSON resources that may be exposed as JavaScript variable data; carefully timed reloads, redirects, and navigation that could spoof the address field; pages that could prevent navigation to a target page, spoofing of the address field; and a “moderate severity issue”, details of which will be disclosed at a “later date.”

In addition, Opera said it was adding a DNT function to its browser. In a blog, Opera researcher Karl Dubost explained why DNT is important to his company.

“We are both a browser implementer and a service provider. The recently released build will help us to understand the interactions and the issues it might create when a user is activating the DNT: 1 header. We would like to see how implementable the Working Group suggestions are on the server side too. Our social network, My.Opera, and the very useful Opera Mini browser have to be tested against the specification”, he wrote.
 

What’s Hot on Infosecurity Magazine?