Opera web browser updated to 12.13.1734

Posted by:
Date: Wednesday, January 30th, 2013, 08:16
Category: News, Software

operalogo

Late Thursday, Opera Software released version 12.13.1734 of its web browser. The new version, a 20.3 megabyte download via MacUpdate, boasts the following fixes and changes:

General and User Interface:
- Fixed an issue where Opera gets internal communication errors on Facebook.

- Fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet.

- Fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com).

Linux and Windows:
- A new stand-alone update-checker, as part of a planned upgrade of the auto-update system.

Windows:
- Improved protection against hijacking of the default search, including a one-time reset.

Security:
- Fixed an issue where DOM events manipulation might be used to execute arbitrary code, as reported by Arthur Gerkis; see our advisory.

- Fixed an issue where use of SVG clipPaths could allow execution of arbitrary code, as reported by anonymous via the iSIGHT Partners GVP Program; see our advisory.

- Fixed a low severity security issue; details will be disclosed at a later date.

- Fixed an issue where CORS requests could omit the preflight request, as reported by webpentest; see our advisory.

Opera 12.13.1734 is available for free and requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

Google Chrome updated to 24.0.1312.56

Posted by:
Date: Wednesday, January 23rd, 2013, 07:07
Category: News, Software

google-chrome-logo

You can’t knock a decent web browser update.

Late Tuesday, Google released version 24.0.1312.56 of its Chrome web browser. The update, a 46.8 megabyte download, adds the following fixes and changes:
- Fixed performance of mouse wheel scrolling. [Issue: 160122]

- Fixed visited links regression. [Issue: 160025]

Google Chrome 24.0.1312.56 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Opera demos “Ice” web browser for iOS, Android devices

Posted by:
Date: Monday, January 21st, 2013, 08:59
Category: iPad, iPhone, News, Software

Opera-642x401

It never hurts to have a wider array of web browser choices for your iOS device.

Per Pocket Lint and AppleInsider, Opera Software on Friday unveiled its latest project, a WebKit-based mobile browser called “Opera Ice” that is specifically designed for screen formats seen on popular smartphones and tablets, including the iPhone and iPad.

In an internal video released on Friday, Opera gave a brief look at a beta of the new app, which features an icon-based interface much like the optional homescreens seen on desktop versions of Apple’s Safari and Google’s Chrome browsers.



According to the developers, the app was designed to hide the usual clutter seen with modern web browsers, including the ubiquitous URL bar, that takes up limited screen real estate on mobile devices. The so-called “full touch browser” does away with buttons and menus to create a spartan user interface driven by screen taps and gestures.

Instead of the Presto rendering engine that Opera has used for years, Ice is based on WebKit, the same engine used by both Apple and Google. The move is meant to keep Opera in the fast-changing mobile market.

“We need to focus on getting strong products out on iOS and Android,” said Opera CEO Lars Boilesen.

As for the company’s current mobile solution, Opera mini, Boilesen said that it won’t be replaced by Ice. Instead, the platform will be leveraged to generate users that will eventually be migrated over to new mobile apps. Opera Ice is expected to debut sometime in February, while a new unannounced desktop browser is slated for a March release.

Stay tuned for additional details as they become available.

Google Chrome updated to 24.0.1312.52

Posted by:
Date: Friday, January 11th, 2013, 07:43
Category: News, Software

google-chrome-logo

If you love Google Chrome, it’s your lucky day.

Late Thursday, Google released version 24.0.1312.52 of its Chrome web browser. The update, a 46.8 megabyte download, adds the following fixes and changes:

- [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.

- [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyenger, both of Facebook.

- [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.

- [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).

- [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).

- [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).

- [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).

- [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.

- [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).

- [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).

- [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).

- [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).

- [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).

- [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).

- [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).

- [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).

- [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.

- [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).

- [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.

- [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).

Google Chrome 24.0.1312.52 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Mozilla releases Firefox 18.0 update

Posted by:
Date: Wednesday, January 9th, 2013, 07:31
Category: News, Software

elfirefox

You can’t knock a solid update.

On Tuesday, Mozilla.org released version 18.0 of its Firefox web browser. The new version, a 38.4 megabyte download and adds the following fixes and changes:

New:
- Faster JavaScript performance via IonMonkey compiler.

- Support for Retina Display on OS X 10.7 and up.

- Preliminary support for WebRTC.

Changed:
- Experience better image quality with our new HTML scaling algorithm.

- Performance improvements around tab switching.

Developer:
- Support for new DOM property window.devicePixelRatio.

- Improvement in startup time through smart handling of signed extension certificates.

HTML 5:
- Support for W3C touch events implemented, taking the place of MozTouch events.

Fixed:
- Disable insecure content loading on HTTPS pages (62178).

- Improved responsiveness for users on proxies (769764).

Firefox 18.0 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

iOS 6 security bug in wild, reenables JavaScript under Safari without input from user

Posted by:
Date: Monday, December 24th, 2012, 08:57
Category: News, security, Software

This is the reason bug fixes were invented.

Per AppleInsider the Safari web browser in Apple’s iOS 6 platform has a potentially serious JavaScript bug that could have major security and privacy implications.

The new “Smart App Banner” feature in iOS 6 is designed to allow developers the ability to promote App Store software within Safari. The Smart App Banner detects whether a user has a specific application installed, and invites them to view the software on the App Store or open it on their iOS device.

But for users who choose to turn off JavaScript in the Safari Web browser, the appearance of a Smart App Banner on a website will automatically and permanently turn JavaScript back on without notifying the user.

iOS device owners can test this issue by opening the Settings application and choosing Safari, then turning off JavaScript. Then simply launch the Safari browser and visit a website with a Smart App Banner.

Users can then go back into the Settings application to verify that the JavaScript setting switch has been flipped back to the “on” position without warning. Accordingly, JavaScript features on websites will begin working again.

The issue has reportedly existed since the release of iOS 6 months ago, though it has not been widely reported. In addition, people familiar with the latest beta of iOS 6.1 said the problem also remains in Apple’s pre-release test software on the iPhone.

Peter Eckersley, technology products director with digital rights advocacy group the Electronic Frontier Foundation, said he would characterize such an issue as a “serious privacy and security vulnerability.”

Neither Eckersley nor the EFF had heard of the bug in iOS 6, nor had they independently tested to confirm that they were able to replicate the issue. But Eckersley said that if the problem is in fact real, it’s something that Apple should work to address as quickly as possible.

“It is a security issue, it is a privacy issue, and it is a trust issue,” Eckersley said. “Can you trust the UI to do what you told it to do? It’s certainly a bug that needs to be fixed urgently.”

But Lysa Myers, a virus hunter at security firm Intego, said she doesn’t see the bug as a major concern for the vast majority of iOS device owners.

“While this issue is certainly not an ideal situation, by itself it actually isn’t that large a problem,” said Myers. “At the moment it doesn’t pose a threat, but we’ll continue to monitor it to make sure it doesn’t become more exploitable. There’s also the fact that few people actually disable JavaScript completely as it can partially, or totally, disable the majority of websites.”

Stay tuned for additional details as they become available.

Google Chrome updated to 23.0.1271.101

Posted by:
Date: Tuesday, December 18th, 2012, 07:22
Category: News, Software

google-chrome-logo

Hey, an update’s an update.

Late Monday, Google released version 23.0.1271.101 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- This build contains the fix to a bug with sound distortion with microphone input: 157613.

Google Chrome 23.0.1271.101 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 23.0.1271.97

Posted by:
Date: Wednesday, December 12th, 2012, 08:05
Category: News, Software

google-chrome-logo

Hey, an update’s an update.

Late Tuesday, Google released version 23.0.1271.97 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- Some texts in a Website Settings popup are trimmed (Issue: 159156).

- Some plugins stopped working (Issue: 159896).

- Fixed a known crash (Issue:161854).

Google Chrome 23.0.1271.97 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Mozilla releases Firefox 17.0.1 update

Posted by:
Date: Monday, December 3rd, 2012, 08:57
Category: News, Software

elfirefox

Hey, an update’s an update…

Over the weekend, Mozilla.org released version 17.0.1 of its Firefox web browser. The new version, a 34.1 megabyte download and adds the following fixes and changes:

Fixed:
- Font rendering issue in Firefox 17.0 (bug 814101).

- 17.0.1: Reverted user agent change causing some website incompatibilities.

- Over twenty performance improvements, including fixes around the New Tab page.

- 17.0.1: Leaving Private Browsing with Social API enabled should reset social components (814554).

- Pointer lock doesn’t work in web apps (769150).

- Page scrolling on sites with fixed headers (780345).

- Known Issues Unresolved If you try to start Firefox using a locked profile, it will crash (see 573369).

Unresolved:
- For some users, scrolling in the main GMail window will be slower than usual (see 579260).

- Unresolved Windows: The use of Microsoft’s System Restore functionality shortly after updating Firefox may prevent future updates (see 730285).

New:
- First revision of the Social API and support for Facebook Messenger.

- Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user’s permission (see blog post)

Changed:
- Updated Awesome Bar experience with larger icons.

- Mac OS X 10.5 is no longer supported.

Developer:
- JavaScript Maps and Sets are now iterable.

- SVG FillPaint and StrokePaint implemented.

- Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use.

- New Markup panel in the Page Inspector allows easy editing of the DOM.

HTML 5:
- Sandbox attribute for iframes implemented, enabling increased security.

Firefox 17.0.1 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 23.0.1271.95

Posted by:
Date: Friday, November 30th, 2012, 08:54
Category: News, Software

google-chrome-logo

You can’t knock a bug fix.

Late Monday, Google released a beta of version Google Chrome updated to 23.0.1271.95 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:

- [161564] High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Jüri Aedla).

- [$7331] [162835] High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie.

Google Chrome 23.0.1271.95 requires an Intel-based Mac with Mac OS X 10.5 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.