Opera pushed out an update to its popular web browser on Tuesday that fixes vulnerabilities it described as "extremely severe". The update fixes seven security bugs, some of which were previously known. Version 9.63 of the browser addresses separate code injection risks stemming from flaws in HTML parsing and text inputting, …
..but at least Opera software fix these things fast, unlike Apple or Microsoft do for their browser. Six months in the wild and being exploited? That's nothing to IE.. :)
(Honourable mention for Firefox too, nice fast fixes and decent disclosure)
Gets antibiotics, too?
"extreme" = understatement, perhaps the PSA might be better rephrased as "opera removes tramp-stamp, headboard lube dispenser and extra butthole from OS, ditches 'Ripple' as beverage of choice."
I know they don't have the test-budget that M$ or Apple has, but such gaping vulnerabilities going live is pretty awful, especially for a browser most tech-literate folk tend to love.
Paris, for the gaping hole aspect.
If there are seven of them I assume some of them are quite old and they've waited to roll them into one update. I'm an Opera user and fan and I would have hoped for better. Funny, isn't it, how the IE story is treated as a big negative, yet people seem to be seeing this one as positive? Personally I'm appalled that they've sat on these vulnerabilities.
Is the XSS handling a flaw?
So, my question is, is this a flaw in the implementation or is this how things were originally intended to work? The recent article about Google's scripts being referenced by Obama's website suggests that scripts from other domains are supposed to appear to be from the original domain and that the real problem here is that people let anyone who feels like it embed anything they like on their pages.
Secondly, using NoScript even before its "XSS Prevention" used to prevent a lot of problems provided you whitelisted your sites correctly -- what's the difference between this and the new "XSS attack prevention"?
Can anyone who knows their stuff explain?
The point is..
Only Opera patches things in a timely manner. It still has zero unpatched vulnerabilities. Even Firefox with its open-source code has loads of nasty unfixed problems.
Re: The point is..
I've been rooted running the latest Opera on what turned out to be a malicious site. So don't feel too secure.
Paris, because she knows what it's like to be rooted.
Firefox goes one louder
This was yesterday, IE was the day before that, and today Firefox has 8 critical holes.
And this isn't the first time that a wave of holes has put all the top browsers in the news within the space of a couple of days. How can anyone bash Microsoft for the bugs in their empire of software when these small companies who only make one or two apps can't even get their act together?
Software is all piss poor. Let's see what happens over the next 20 years as the same kind of Chinese minds that did the Olympic opening ceremony start coding mainstream apps. Maybe they'll fare better than us.
How come some of these have taken months to address? http://readlist.com/lists/securityfocus.com/bugtraq/5/25201.html