back to article Bad hair day for alternative browser users

There's bad news for users of alternative browsers this Friday, with both Opera and Firefox subject to security vulnerabilities. A trio of faults in Opera create a means to construct cross-site scripting attacks and other mischief. The worst flaw of the bunch involves the possibility that external news readers or email clients …

COMMENTS

This topic is closed for new posts.
Silver badge

Crap title

Opera released 9.24 addressing the issues on Wednesday so your title is somewhat misleading. It would, of course, be interesting to know how long it took from the bugs being identified to the new version being released. This is a bit different from the usual IE bug reports which usually refer to still open flaws or even new bugs based on previous fixes.

Opera 9.5 will beta next week.

0
0
Unhappy

but

NOOOOOO

The fossfags told me this was made of diamond! The hardest metal known to man! How could it be vulnerable T_T

0
0
Silver badge
Thumb Up

Thankyou

I'm sure this will be received and noted in a thoughtful way.

There will be no Fanboy blah blah i.e...blah blah...M$...blah blah Linux....blah blah Mozilla type petty flame ways.

0
0
Silver badge
Happy

Hardly a menace...

All my installs of Firefox updated themselves yesterday evening, so patched before you'd even published the story.

How long does an IE user have to wait for a fix?

0
0
Silver badge
Dead Vulture

Bad news?

How is the fact that the vulnerabilities have been fixed BAD news? Because you have to download and install an update?

Quit yer whinin' and do some work for a change.

0
0
fon

ZzZzZzZzZzzz... eh? wha????

most of us are using the opera9.5 version, way, way faster...

0
0
Coat

@ Steve Evans

"How long does an IE user have to wait for a fix?"

Assuming the flaw is addressed at all, it will be exploited the day after Patch Tuesday, and not fixed until the following month's Patch Tuesday.

Or it may just never be fixed, like so many long-standing IE flaws. Google for "unpatched IE flaw" and you'll get almost 41,000 hits. substitute "firefox" for "IE" and add "-IE" and you'll get 5,800. "unpatched opera flaw -IE" gets you 6,420 hits.

Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more dangerous than Firefox and 638% more dangerous than Opera.

0
0
Thumb Up

Oh well.

Every browser suffers exploits. Long as they're fixed eh.

0
0
IT Angle

Wow, now I know why I need to install 9.24!

Funny, when I saw 9.23 was updated to 9.24, I knew it must be a security update. I downloaded it, but didn't run it yet. Guess I'll get to getting on with it!

0
0
Happy

Very good

EL Reg FUD

0
0
Anonymous Coward

No refusenik problem

What we are dealing with here, is that Adobe does not fix critical security bugs. That browser makers take precautions to prevent Adobe's bugs form causing damage should not be construed as the browsers having a security flaw.

0
0
J

Ah...

Now I know why Firefox updated *yesterday*, thanks. And yes, it would be interesting to know how long it took them between hearing of the flaws and fixing them, since they had it fixed before I heard of them...

0
0
Anonymous Coward

Opera............

.

"All three bugs are addressed by upgrading to Opera version 9.24"

But I've been using the latest Opera 9.5 Alpha for some time, and, its been faultless.

Can't recommend it too strongly. Superb & fast.

0
0
Go

Alternative

You make "alternative" sound like the kind of lifestyle choice one's wayward, and still "single" auntie has made. Was this intentional? Hope so

0
0
Happy

alternative to what?

Lynx, I don't have MS-Windows so Firefox isn't an alternative also it auto updated it's self last night so your a little late.

0
0
Happy

Did I miss something?

All of these updates have happened for me by autoupdate, before I'd even heard of the bugs.

Anyway, despite all the bug reports, I've never had a problem with any of the major browsers (including IE), so there really is no need to panic.

Stop being so melodramatic.

0
0
Paris Hilton

Title in here...

Talk about shooting the messenger...

0
0
Stop

@ Morely Dotes

Don't talk rubbish.

0
0

FUD?

Hmmm, I don't think Dan Goodin is spreading fear, uncertainty and doubt by running a story about security updates to two browsers.

The fact is that both Opera and Firefox browsers get vulns fixed much more quickly than does IE. When I launched Firefox this morning (to read El Reg) it prompted me to install 2.0.0.8 - no fuss, job done.

This item appears on the same day as The Register's story ("IE + RealPlayer = Security hole") about yet another exploitable interaction between IE and other apps - and, once again, Active X is at the heart of it.

The story concludes: "Another option is to use Firefox as your primary browser, preferably along with the NoScript add-on." Sound advice, IMO.

I fully understand why the vast majority of non-tech home users browse with IE - it is the default browser when they buy a Windowes machine and no-one tells them there are better, safer alternatives. But I am astonished that genuinely tech-savvy users - as I presume most Register readers to be - champion IE over the alternatives.

0
0
Gates Halo

@Steve Evans

I think what you meant to say was.

Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more popular than Firefox and 638% more popular than Opera.

0
0
Stop

AppArmor anyone?

That's why you should use AppArmor. Doesn't matter whatever exploits you throw at it, Fx is not going to get to any data it shouldn't get to.

0
0
Alert

Thunderbird?

The 2.0.0.8 Thunderbird update doesn't seem to exist - their website still shows the latest version as 2.0.0.6.

0
0
Boffin

:-S

I like how Opera works, but until

it can actually open my Yahoo Mail and not crash it's no go for me.

I know Yahoo lies in bed with M$, but none the less

my email is with them and I can't be arsed to move.

I'll continue using IE for the time being.

It's easy to use. Web developers always make

sure their pages render with it. I can't remember

the last time I actually had a security problem with it

which is more than I can say for firefox, for all the updates

both of them get.

As a developer I know Firefox is probably better and possibly

more secure (until you start bolting on 101 bad plugins),

however as a user IE always takes the day for me.

Alot of firefox users are to eager to poo poo it but haven't used IE

full time in years.

0
0

@ ChriZ

As a developer, you recommend IE?

Seriously?

0
0
Anonymous Coward

yahoo mail?

I read my yahoo mail 2 or 3 times a day using opera. It's never crashed yet.

0
0
Thumb Down

So theres bugs....

...in OLD versions of Firefox and Opera.

Is this really newsworthy? As long as they are fixed in the LATEST version, why does it matter?

0
0
Unhappy

vulnerability ?

Bah!

Aint bothered about that.. they get fixed pronto... Wait till you get this shit.....

http://farm3.static.flickr.com/2236/1576719145_6aa6fe07ac_o.jpg

What chance of getting that fixed ?

0
0
Happy

@Outast

You can set konqueror to identify itself as a different browser for that site.

Settings - > Configure Konqueror -> Browser Identification -> The "New" button on the "Site Specific Identification" box should do the trick for you, there you are fixed

0
0
Stop

So

All the FOSS lot whine and complain about Microsoft enabling auto updates by default to apply fixes to these kind of issues, but it's fine when Mozilla or Opera do it as 'They are fixing the problem'

0
0
Thumb Up

@ Dave Dowell

That didn't work (debian 64 here) but following your advice and experimenting I've sussed it.

Switched off Identification.

Roberts my Fathers brother.

MuchOS GraciOS

;-)

0
0
This topic is closed for new posts.

Forums