Bug 251155 - www-client/opera <9.63 - Multiple vulnerabilities
Summary: www-client/opera <9.63 - Multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 247229
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.opera.com/docs/changelogs/...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-16 12:16 UTC by Jeroen Roovers (RETIRED)
Modified: 2008-12-16 12:34 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Description Jeroen Roovers (RETIRED) gentoo-dev 2008-12-16 12:16:07 UTC
= Changes since Opera 9.62 =
=  Security  =
* Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. See our advisory[1].
* HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. See our advisory[2].
* Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. See our advisory[3].
* Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. See our advisory[4].
* Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team. See our advisory[5].
* Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
* SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans.

[1] http://www.opera.com/support/search/view/920/
[2] http://www.opera.com/support/search/view/921/
[3] http://www.opera.com/support/search/view/922/
[4] http://www.opera.com/support/search/view/923/
[5] http://www.opera.com/support/search/view/924/
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-16 12:31:35 UTC
# ChangeLog for www-client/opera
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/www-client/opera/ChangeLog,v 1.309 2008/12/16 12:30:58 jer Exp $

*opera-9.63 (16 Dec 2008)

  16 Dec 2008; Jeroen Roovers <jer@gentoo.org> +opera-9.63.ebuild:
  Version bump (bug #251155).
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-16 12:34:48 UTC
Hmm

*** This bug has been marked as a duplicate of bug 247229 ***