There's bad news for users of alternative browsers this Friday, with both Opera and Firefox subject to security vulnerabilities. A trio of faults in Opera create a means to construct cross-site scripting attacks and other mischief. The worst flaw of the bunch involves the possibility that external news readers or email clients …
Opera released 9.24 addressing the issues on Wednesday so your title is somewhat misleading. It would, of course, be interesting to know how long it took from the bugs being identified to the new version being released. This is a bit different from the usual IE bug reports which usually refer to still open flaws or even new bugs based on previous fixes.
Opera 9.5 will beta next week.
The fossfags told me this was made of diamond! The hardest metal known to man! How could it be vulnerable T_T
I'm sure this will be received and noted in a thoughtful way.
There will be no Fanboy blah blah i.e...blah blah...M$...blah blah Linux....blah blah Mozilla type petty flame ways.
Hardly a menace...
All my installs of Firefox updated themselves yesterday evening, so patched before you'd even published the story.
How long does an IE user have to wait for a fix?
How is the fact that the vulnerabilities have been fixed BAD news? Because you have to download and install an update?
Quit yer whinin' and do some work for a change.
ZzZzZzZzZzzz... eh? wha????
most of us are using the opera9.5 version, way, way faster...
@ Steve Evans
"How long does an IE user have to wait for a fix?"
Assuming the flaw is addressed at all, it will be exploited the day after Patch Tuesday, and not fixed until the following month's Patch Tuesday.
Or it may just never be fixed, like so many long-standing IE flaws. Google for "unpatched IE flaw" and you'll get almost 41,000 hits. substitute "firefox" for "IE" and add "-IE" and you'll get 5,800. "unpatched opera flaw -IE" gets you 6,420 hits.
Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more dangerous than Firefox and 638% more dangerous than Opera.
Every browser suffers exploits. Long as they're fixed eh.
Wow, now I know why I need to install 9.24!
Funny, when I saw 9.23 was updated to 9.24, I knew it must be a security update. I downloaded it, but didn't run it yet. Guess I'll get to getting on with it!
EL Reg FUD
No refusenik problem
What we are dealing with here, is that Adobe does not fix critical security bugs. That browser makers take precautions to prevent Adobe's bugs form causing damage should not be construed as the browsers having a security flaw.
Now I know why Firefox updated *yesterday*, thanks. And yes, it would be interesting to know how long it took them between hearing of the flaws and fixing them, since they had it fixed before I heard of them...
"All three bugs are addressed by upgrading to Opera version 9.24"
But I've been using the latest Opera 9.5 Alpha for some time, and, its been faultless.
Can't recommend it too strongly. Superb & fast.
You make "alternative" sound like the kind of lifestyle choice one's wayward, and still "single" auntie has made. Was this intentional? Hope so
alternative to what?
Lynx, I don't have MS-Windows so Firefox isn't an alternative also it auto updated it's self last night so your a little late.
Did I miss something?
All of these updates have happened for me by autoupdate, before I'd even heard of the bugs.
Anyway, despite all the bug reports, I've never had a problem with any of the major browsers (including IE), so there really is no need to panic.
Stop being so melodramatic.
Title in here...
Talk about shooting the messenger...
@ Morely Dotes
Don't talk rubbish.
Hmmm, I don't think Dan Goodin is spreading fear, uncertainty and doubt by running a story about security updates to two browsers.
The fact is that both Opera and Firefox browsers get vulns fixed much more quickly than does IE. When I launched Firefox this morning (to read El Reg) it prompted me to install 220.127.116.11 - no fuss, job done.
This item appears on the same day as The Register's story ("IE + RealPlayer = Security hole") about yet another exploitable interaction between IE and other apps - and, once again, Active X is at the heart of it.
The story concludes: "Another option is to use Firefox as your primary browser, preferably along with the NoScript add-on." Sound advice, IMO.
I fully understand why the vast majority of non-tech home users browse with IE - it is the default browser when they buy a Windowes machine and no-one tells them there are better, safer alternatives. But I am astonished that genuinely tech-savvy users - as I presume most Register readers to be - champion IE over the alternatives.
I think what you meant to say was.
Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more popular than Firefox and 638% more popular than Opera.
That's why you should use AppArmor. Doesn't matter whatever exploits you throw at it, Fx is not going to get to any data it shouldn't get to.
The 18.104.22.168 Thunderbird update doesn't seem to exist - their website still shows the latest version as 22.214.171.124.
I like how Opera works, but until
it can actually open my Yahoo Mail and not crash it's no go for me.
I know Yahoo lies in bed with M$, but none the less
my email is with them and I can't be arsed to move.
I'll continue using IE for the time being.
It's easy to use. Web developers always make
sure their pages render with it. I can't remember
the last time I actually had a security problem with it
which is more than I can say for firefox, for all the updates
both of them get.
As a developer I know Firefox is probably better and possibly
more secure (until you start bolting on 101 bad plugins),
however as a user IE always takes the day for me.
Alot of firefox users are to eager to poo poo it but haven't used IE
full time in years.
As a developer, you recommend IE?
I read my yahoo mail 2 or 3 times a day using opera. It's never crashed yet.
So theres bugs....
...in OLD versions of Firefox and Opera.
Is this really newsworthy? As long as they are fixed in the LATEST version, why does it matter?
Aint bothered about that.. they get fixed pronto... Wait till you get this shit.....
What chance of getting that fixed ?
You can set konqueror to identify itself as a different browser for that site.
Settings - > Configure Konqueror -> Browser Identification -> The "New" button on the "Site Specific Identification" box should do the trick for you, there you are fixed
All the FOSS lot whine and complain about Microsoft enabling auto updates by default to apply fixes to these kind of issues, but it's fine when Mozilla or Opera do it as 'They are fixing the problem'
@ Dave Dowell
That didn't work (debian 64 here) but following your advice and experimenting I've sussed it.
Switched off Identification.
Roberts my Fathers brother.
- Nuke plants to rely on PDP-11 code UNTIL 2050!
- Spin doctors brazenly fiddle with tiny bits in front of the neighbours
- Game Theory Out with a bang: The Last of Us lets PS3 exit with head held high
- That Microsoft-Nokia merger you've been predicting? It's no go
- Microsoft breaks bug-bounty virginity in $100,000 contest