Yep
Posted Tuesday 16th December 2008 21:51 GMT
Even Opera
Posted Tuesday 16th December 2008 21:51 GMT
..but at least Opera software fix these things fast, unlike Apple or Microsoft do for their browser. Six months in the wild and being exploited? That's nothing to IE.. :)
(Honourable mention for Firefox too, nice fast fixes and decent disclosure)
Posted Wednesday 17th December 2008 12:07 GMT
"extreme" = understatement, perhaps the PSA might be better rephrased as "opera removes tramp-stamp, headboard lube dispenser and extra butthole from OS, ditches 'Ripple' as beverage of choice."
I know they don't have the test-budget that M$ or apple has, but such gaping vulnerabilities going live is pretty awful, especially for a browser most tech-literate folk tend to love.
Paris, for the gaping hole aspect.
Posted Wednesday 17th December 2008 12:07 GMT
If there are seven of them I assume some of them are quite old and they've waited to roll them into one update. I'm an Opera user and fan and I would have hoped for better. Funny isn't it how the IE story is treated as a big negative, yet people seem to be seeing this one as positive? Personally I'm appalled that they've sat on these vulnerabilities.
Posted Wednesday 17th December 2008 12:07 GMT
As I understand it, XSS is using JavaScript (or similar) to make objects from one domain appear to be from another. It also appears that every browser out there that supports scripting has been found to be unsafe in its handling of XSS.
So, my question is, is this a flaw in the implementation or is this how things were originally intended to work? The recent article about Google's scripts being referenced by Obama's website suggests that scripts from other domains are supposed to appear to be from the original domain and that the real problem here is that people let anyone who feels like it embed anything they like on their pages.
Secondly, using NoScript even before its "XSS Prevention" used to prevent a lot of problems provided you whitelisted your sites correctly -- what's the difference between this and the new "XSS attack prevention"?
Can anyone who knows their stuff explain?
Posted Wednesday 17th December 2008 13:34 GMT
Only Opera patches things in a timely manner. It still has zero unpatched vulnerabilities. Even Firefox with its open-source code has loads of nasty unfixed problems.
Posted Wednesday 17th December 2008 16:15 GMT
I've been rooted running the latest Opera on what turned out to be a malicious site. So don't feel too secure.
Paris, because she knows what it's like to be rooted.
Posted Wednesday 17th December 2008 19:09 GMT
This was yesterday, IE was the day before that, and today Firefox has 8 critical holes.
And this isn't the first time that a wave of holes has put all the top browsers in the news within the space of a couple of days. How can anyone bash Microsoft for the bugs in their empire of software when these small companies who only make one or two apps can't even get their act together?
Software is all piss poor. Let's see what happens over the next 20 years as the same kind of Chinese minds that did the Olympic opening ceremony start coding mainstream apps. Maybe they'll fare better than us.
Posted Thursday 18th December 2008 00:00 GMT
How come some of these have taken months to address? http://readlist.com/lists/securityfocus.com/bugtraq/5/25201.html