Recently, Opera released a new version of its web browser. Opera 11.01 comes with additional features and mitigates five vulnerabilities, including a recently disclosed critical vulnerability. The critical vulnerability was caused by an integer truncation error and allowed remote attackers to execute malicious code. The new version also mitigates vulnerabilities that allowed clickjacking attacks, granted high privileges to remote web pages, and allowed access to email accounts even after private data had been deleted. A vulnerability in the browser configuration allowed attackers to bypass restrictions and initiate clickjacking attacks. This high-risk vulnerability allowed attackers to manipulate users into clicking on seemingly legitimate but fake links in order to gain control of their computers or gain unauthorized access to privileged information.

The latest version also mitigates another high-risk vulnerability, which caused the browser to erroneously provide escalated privileges to remote web pages. The vulnerability allowed attackers to gain unauthorized privileges, upload files from the affected systems as web resources, and extract confidential information.

Opera 11.01 fixes a moderate vulnerability associated with the 'delete private data' tool of the browser. The 'clear all email account passwords' option under the tool does not clear all the data immediately and allows access to an e-mail account until the browser is restarted. Usually, professionals who have undergone certified ethical hacker training help developers to identify security flaws in products and applications. In this case, the vulnerabilities were identified by various security researchers.

Unpatched web browsers are vulnerable to security breaches. Users must apply appropriate security patches to web browsers and associated plug-ins to reduce instances of attacks and security breaches. Internet users may benefit from online computer training programs and update themselves on cyber security tips and precautions.

The new version does not support javascript: URLs in Cascading Style Sheets (CSS) -o-link values, which enables websites to filter untrusted CSS.

The updated version also enables the Mac OS file quarantine. The quarantine places a flag on downloaded files and alerts users when they open such a file.

Regular in-depth security evaluation of products through penetration testing may help developers in identifying vulnerabilities and mitigating them before their exploitation by attackers.

Article Source: http://EzineArticles.com/5810492

Posted by Jenny on Thursday, June 23, 2011
