Opera 9.63 incorporates the Opera Presto 2.1.1 user agent engine.
[cut]
security fixes
- Code: Select all
* Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. See our advisory.
* HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. See our advisory.
* Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. see our advisory.
* Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. See our advisory.
* Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team. See our advisory.
* Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
* SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans.
* Opera now imports .p12 private certificates
