back to article Bad hair day for alternative browser users

There's bad news for users of alternative browsers this Friday, with both Opera and Firefox subject to security vulnerabilities. A trio of faults in Opera create a means to construct cross-site scripting attacks and other mischief. The worst flaw of the bunch involves the possibility that external news readers or email clients …

COMMENTS

This topic is closed for new posts.
  1. Charlie Clark Silver badge

    Crap title

    Opera released 9.24 addressing the issues on Wednesday so your title is somewhat misleading. It would, of course, be interesting to know how long it took from the bugs being identified to the new version being released. This is a bit different from the usual IE bug reports which usually refer to still open flaws or even new bugs based on previous fixes.

    Opera 9.5 will beta next week.

  2. Anonymous Coward
    Unhappy

    but

    NOOOOOO

    The fossfags told me this was made of diamond! The hardest metal known to man! How could it be vulnerable T_T

  3. Anonymous Coward
    Thumb Up

    Thankyou

    I'm sure this will be received and noted in a thoughtful way.

    There will be no Fanboy blah blah i.e...blah blah...M$...blah blah Linux....blah blah Mozilla type petty flame ways.

  4. Steve Evans
    Happy

    Hardly a menace...

    All my installs of Firefox updated themselves yesterday evening, so patched before you'd even published the story.

    How long does an IE user have to wait for a fix?

  5. Steven Knox Silver badge
    Dead Vulture

    Bad news?

    How is the fact that the vulnerabilities have been fixed BAD news? Because you have to download and install an update?

    Quit yer whinin' and do some work for a change.

  6. fon

    ZzZzZzZzZzzz... eh? wha????

    most of us are using the opera9.5 version, way, way faster...

  7. Morely Dotes
    Coat

    @ Steve Evans

    "How long does an IE user have to wait for a fix?"

    Assuming the flaw is addressed at all, it will be exploited the day after Patch Tuesday, and not fixed until the following month's Patch Tuesday.

    Or it may just never be fixed, like so many long-standing IE flaws. Google for "unpatched IE flaw" and you'll get almost 41,000 hits. substitute "firefox" for "IE" and add "-IE" and you'll get 5,800. "unpatched opera flaw -IE" gets you 6,420 hits.

    Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more dangerous than Firefox and 638% more dangerous than Opera.

  8. Steven Foster
    Thumb Up

    Oh well.

    Every browser suffers exploits. Long as they're fixed eh.

  9. Anonymous Coward
    IT Angle

    Wow, now I know why I need to install 9.24!

    Funny, when I saw 9.23 was updated to 9.24, I knew it must be a security update. I downloaded it, but didn't run it yet. Guess I'll get to getting on with it!

  10. DaveTheRave
    Happy

    Very good

    EL Reg FUD

  11. Anonymous Coward
    Anonymous Coward

    No refusenik problem

    What we are dealing with here, is that Adobe does not fix critical security bugs. That browser makers take precautions to prevent Adobe's bugs form causing damage should not be construed as the browsers having a security flaw.

  12. J

    Ah...

    Now I know why Firefox updated *yesterday*, thanks. And yes, it would be interesting to know how long it took them between hearing of the flaws and fixing them, since they had it fixed before I heard of them...

  13. Anonymous Coward
    Anonymous Coward

    Opera............

    .

    "All three bugs are addressed by upgrading to Opera version 9.24"

    But I've been using the latest Opera 9.5 Alpha for some time, and, its been faultless.

    Can't recommend it too strongly. Superb & fast.

  14. Senor Beavis
    Go

    Alternative

    You make "alternative" sound like the kind of lifestyle choice one's wayward, and still "single" auntie has made. Was this intentional? Hope so

  15. Alan Donaly
    Happy

    alternative to what?

    Lynx, I don't have MS-Windows so Firefox isn't an alternative also it auto updated it's self last night so your a little late.

  16. Anonymous Coward
    Happy

    Did I miss something?

    All of these updates have happened for me by autoupdate, before I'd even heard of the bugs.

    Anyway, despite all the bug reports, I've never had a problem with any of the major browsers (including IE), so there really is no need to panic.

    Stop being so melodramatic.

  17. Tony
    Paris Hilton

    Title in here...

    Talk about shooting the messenger...

  18. Anonymous Coward
    Stop

    @ Morely Dotes

    Don't talk rubbish.

  19. Sceptical Bastard

    FUD?

    Hmmm, I don't think Dan Goodin is spreading fear, uncertainty and doubt by running a story about security updates to two browsers.

    The fact is that both Opera and Firefox browsers get vulns fixed much more quickly than does IE. When I launched Firefox this morning (to read El Reg) it prompted me to install 2.0.0.8 - no fuss, job done.

    This item appears on the same day as The Register's story ("IE + RealPlayer = Security hole") about yet another exploitable interaction between IE and other apps - and, once again, Active X is at the heart of it.

    The story concludes: "Another option is to use Firefox as your primary browser, preferably along with the NoScript add-on." Sound advice, IMO.

    I fully understand why the vast majority of non-tech home users browse with IE - it is the default browser when they buy a Windowes machine and no-one tells them there are better, safer alternatives. But I am astonished that genuinely tech-savvy users - as I presume most Register readers to be - champion IE over the alternatives.

  20. SpitefulGOD
    Gates Halo

    @Steve Evans

    I think what you meant to say was.

    Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more popular than Firefox and 638% more popular than Opera.

  21. Martijn Otto
    Stop

    AppArmor anyone?

    That's why you should use AppArmor. Doesn't matter whatever exploits you throw at it, Fx is not going to get to any data it shouldn't get to.

  22. Chris Clawson
    Alert

    Thunderbird?

    The 2.0.0.8 Thunderbird update doesn't seem to exist - their website still shows the latest version as 2.0.0.6.

  23. Anonymous Coward
    Boffin

    :-S

    I like how Opera works, but until

    it can actually open my Yahoo Mail and not crash it's no go for me.

    I know Yahoo lies in bed with M$, but none the less

    my email is with them and I can't be arsed to move.

    I'll continue using IE for the time being.

    It's easy to use. Web developers always make

    sure their pages render with it. I can't remember

    the last time I actually had a security problem with it

    which is more than I can say for firefox, for all the updates

    both of them get.

    As a developer I know Firefox is probably better and possibly

    more secure (until you start bolting on 101 bad plugins),

    however as a user IE always takes the day for me.

    Alot of firefox users are to eager to poo poo it but haven't used IE

    full time in years.

  24. Mark Cavanagh

    @ ChriZ

    As a developer, you recommend IE?

    Seriously?

  25. Anonymous Coward
    Anonymous Coward

    yahoo mail?

    I read my yahoo mail 2 or 3 times a day using opera. It's never crashed yet.

  26. Chris Papaioannou
    Thumb Down

    So theres bugs....

    ...in OLD versions of Firefox and Opera.

    Is this really newsworthy? As long as they are fixed in the LATEST version, why does it matter?

  27. Outcast
    Unhappy

    vulnerability ?

    Bah!

    Aint bothered about that.. they get fixed pronto... Wait till you get this shit.....

    http://farm3.static.flickr.com/2236/1576719145_6aa6fe07ac_o.jpg

    What chance of getting that fixed ?

  28. Anonymous Coward
    Happy

    @Outast

    You can set konqueror to identify itself as a different browser for that site.

    Settings - > Configure Konqueror -> Browser Identification -> The "New" button on the "Site Specific Identification" box should do the trick for you, there you are fixed

  29. Anonymous Coward
    Stop

    So

    All the FOSS lot whine and complain about Microsoft enabling auto updates by default to apply fixes to these kind of issues, but it's fine when Mozilla or Opera do it as 'They are fixing the problem'

  30. Outcast
    Thumb Up

    @ Dave Dowell

    That didn't work (debian 64 here) but following your advice and experimenting I've sussed it.

    Switched off Identification.

    Roberts my Fathers brother.

    MuchOS GraciOS

    ;-)

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019