Feeds

back to article Opera releases update for 'extremely severe' vulns

Opera pushed out an update to its popular web browser on Tuesday that fixes vulnerabilities it described as "extremely severe". The update fixes seven security bugs, some of which were previously known. Version 9.63 of the browser addresses separate code injection risks stemming from flaws in HTML parsing and text inputing, …

COMMENTS

This topic is closed for new posts.
Alert

Ouch

..but at least Opera software fix these things fast, unlike Apple or Microsoft do for their browser. Six months in the wild and being exploited? That's nothing to IE.. :)

(Honourable mention for Firefox too, nice fast fixes and decent disclosure)

0
0

Yep

Even Opera

0
0
Paris Hilton

Gets antibiotics, too?

"extreme" = understatement, perhaps the PSA might be better rephrased as "opera removes tramp-stamp, headboard lube dispenser and extra butthole from OS, ditches 'Ripple' as beverage of choice."

I know they dont have the test-budget that M$ or apple has, but such gaping vulnerabilities going live is pretty awful, especially for a browser most tech-literate folk tend to love.

Paris, for the gaping hole aspect.

0
0
Anonymous Coward

Seven?

If there are seven of them I assume some of them are quite old and they've waited to roll them into one update. I'm an Opera user and fan and I would have hoped for better. Funny isn't it how the IE story is treated as a big negative, yet people seem to be be seeing this one as positive? Personally I'm appalled that they've sat on these vulnerabilities.

0
0

Is the XSS handling a flaw?

As I understand it, XSS is using Javascript(or similar) to make objects from one domain appear to be from another. It also appears that every browser out there that supports scripting has found to be unsafe in it's handling of XSS.

So, my question is, is this a flaw in the implementation or is this how things were originally intended to work? The recent article about Google's scripts being referenced by Obama's website suggests that scripts from other domain are supposed to appear to be from the original domain and that the real problem here is that people let anyone who feels like it embed anything they like on their pages.

Secondly, using NoScript even before it's "XSS Prevention" used to prevent a lot of problems provided you whitelisted your sites correctly -- what's the difference between this and the new "XSS attack prevention"

Can anyone who knows their stuff explain?

0
0

The point is..

Only Opera patches things in a timely manner. It still has zero unpatched vulnerabilities. Even Firefox with it's opensource code has loads of nasty unfixed problems.

0
0
Paris Hilton

Re: The point is..

I've been rooted running the latest opera on what turned out to be a malicious site. So don't feel too secure.

Paris, because she knows what it's like to be rooted.

0
0
Anonymous Coward

Firefox goes one louder

This was yesterday, IE was the day before that, and today Firefox has 8 critical holes.

And this isn't the first time that a wave of holes has put all the top browsers in the news within the space of a couple of days. How can anyone bash Microsoft for the bugs in their empire of software when these small companies who only make one or two apps can't even get their act together.

Software is all piss poor. Let's see what happens over the next 20 years as the same kind of Chinese minds that did the Olympic opening ceremony start coding mainstream apps. Maybe they'll fare better than us.

0
0
Anonymous Coward

re: SnakeskinCowboy

How come some of these have taken months to address http://readlist.com/lists/securityfocus.com/bugtraq/5/25201.html

0
0
This topic is closed for new posts.