IT Security & Network Security News & Reviews - eWeek



Serious Browser Bugs Spoil Opera Tune




The patch for the alternative Web browser fixes three potentially dangerous vulnerabilities.

Opera has shipped a high-priority update to its flagship Web browser to correct multiple flaws that put Windows users at risk of malicious hacker attacks.

With Opera 9.26 for Windows, the Norwegian company shipped patches for at least three vulnerabilities that can be exploited to launch malware installations or conduct identity theft attacks.

The most serious of the three bugs—rated "highly severe" by Opera—can cause the browser to be tricked into treating custom comments in image properties as script.

"This can cause the script to be run in the wrong security context," the company warned.

The update also fixes a "moderately severe" issue where simulated text inputs could trick users into uploading arbitrary files.

"When a user types into a file input, scripts can cause some of the keystrokes to be ignored. If the script can convince the user that they are typing into a normal text input, and not let them see that their keystrokes are being ignored, it can cause the input to point to known file paths on the user's computer. The file can then be uploaded without user interaction," Opera said.

This flaw was reported to Opera by the Mozilla security team and was the cause of a minor controversy over responsible disclosure. Opera accused Mozilla of not giving its developers enough time to fix the bug before going public with details.

The Opera patch also corrected an issue where the representation of DOM attribute values could allow cross-site scripting. 

"This can allow their values to bypass sanitization filters. If these values are used as document content, they may in some cases allow scripts to be inserted," according to the Opera advisory.







 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Ryan Naraine
 
