Heads Up, Internet Explorer users. A new flaw in the browser’s handling of “createTextRange()” method used for radio buttons in HTML forms has been detected. The vulnerability can be exploited to allow program flow to be re-directed into the heap allowing code to execute with elevated (local user) privileges instead of with the standard Internet (restricted) zone.
Security web site Secunia, who discovered the flaw (Secunia Advisory SA18680), reports that The problem is caused by an array boundary error in the handling of HTML tags with multiple event handlers. The issue can be exploited to cause Internet Explorer 6 to crash through a specially crafted HTML tag with 94 or more event handlers. It rates the vulnerability as “not critical,” its lowest severity rating, and advises avoiding untrusted Web sites until the problem is addressed. The flaw affects fully patched systems with Internet Explorer 6 and Windows XP Service Pack 2. As well as Internet Explorer Beta 2 Preview (January 2006) version.
But there’s really exciting stuff for those of us who don’t use IE unless we absolutely can’t help it. For those specific web sites that refuse to work with either Firefox or Opera. May this tribe of site developers be condemned to a non-GUI interface for eternity 🙂
Ranting over, Opera 9 Technical Preview for Windows Build 8321 introduces an improved version of the Widget interface introduced earlier. According to Opera, widgits are a small Web application. And making a widget is just like making a web page except it functions like an application and lives directly on your desktop. Opera can install and open these widgets, and show them directly on the user’s desktop. Widgets are so-called chromeless applications and will display them without regular user interface elements such as the normal browser controls, like the back button or address bar….
Previous Opera 9 versions were limited to displaying just a web page snapshot when you moused over the page’s browser tab. This latest version introduces the Opera Widgets tab, center top of your screen overlaying the active application window. Opera Widgits remain visible as long as Opera is running. And here’s a handy shortcut: Ctrl+H will reduce Opera to a system tray icon. In the new Opera Widgit interface. Just click the tab to overlay the active application screen with the Opera Widgit interface. This lists installed Widgits with an option to add more. When you do so a small window opens on the Widgit desktop. You can choose to Pin (display on top) a selected widgits to the desktop. The interface is a wonderful idea. But I do wish that clicking the more details about a widgit link didn’t open a new Opera instance. Why can’t the widgits use an existing tabbed interface?
And be careful. The Widgit interface is a bit fragile. Too much fiddling with the settings caused all my widgits to fade away 🙁 That in spite of my best efforts I was unable to make them visible again. All that remained was the screen shot above detailing the Opera Widgit interface and its available options. Although with a bit of peering at the screen I could find traces of a widgit, right-click on it, and then select its Pin (to Desktop) function. For now Opera Widgits are only visible as an overlay while using the Opera web Browser. They remain visible with other applications, but only in the foreground.
My initial test set had a currency calculator offering rates from the IMF (International Monetary Fund). A dictionary powered by TheFreeDictionary. And Digg.com Top 10 stories. The Digg widget seemed the best. Clicking its top bar rolled up the feed display much like Google Chat. And mousing over a story link displayed the short description to right of object. Except this formatting appears hard-coded as I couldn’t get it display to the left even if the selected widgit was aligned to right of screen. And unless a widgit developer offers specific customization preferences, you can’t change the style or layout.
Also new is appearance of the Ctrl+Enter keyboard shortcut to respectively prefix ‘http://www.’ and suffix ‘.com’ to site URLs. I’m looking forward to Opera adding shortcuts for .net and .org like Firefox and Maxthon. And you can also right-click on web form fields to setup widgit-based Saved Searches. And context menu’s Validate (page) option existed before. Except I never checked it. Use it to see if the focused tab content validates according to W3C.orgs’s standards for the declared document type. The included BitTorrent client interface too has been improved. And you can now configure upload and download bandwidth. And ‘b’ prefix in the address bar searches for Torrents using the BitTorrent Search engine. However the client doesn’t have its own menu and you need to tweak settings using the opera:config function. To use, key in “opera:config” in a new tab and press Enter to bring up the XML-based browser configuration screen.
This build also introduces site content blocking. And while can’t blank out web page text. You can block loading icons, logos and other image objects. A boon for those oft-refreshed pages where the text is more important that the graphic elements. To use this feature, right click a page and select Block content. Then follow the on screen instructions. Use Tools > Advanced > Content blocked to manage blocked content properties. Which allow you to add, remove or edit the URLs for blocked content.
A short while ago I ranted about web sites that only work with Internet Explorer. And unless the site uses ActiveX object, often changing the browser user agent is enough to get a web site to open. Opera’s new site specific preferences option for now requires amending an INI file to change user agent settings for specific sites. The community hopes that Opera will eventually include a GUI so that its easy to add such sites to the list.
Other software updates this past week include CrapCleaner 1.28.277 that now includes Hotfix Uninstaller cleaning along with other tweaks and updates. And FileZilla 2.2.19.
That’s it for this week. Next week my first look at a Firefox 2.0 Beta. Stay Safe!