===================================================================== CERT-Renater Note d'Information No. 2007/VULN536 _____________________________________________________________________ DATE : 20/12/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows running Opera. ====================================================================== http://www.opera.com/docs/changelogs/windows/925/#security ______________________________________________________________________ Changelog for Opera 9.25 for Windows Opera 9.25 for Windows is available for download. Release Notes This release is a recommended security upgrade. See the Security section for additional information. Changes Since Opera 9.24 Security * Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date. * Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date. * Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory. * Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date. Miscellaneous * Fixed a problem where malformed BMP files could cause Opera to temporarily freeze. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================