There's bad news for users of alternative browsers this Friday, with both Opera and Firefox subject to security vulnerabilities. A trio of faults in Opera create a means to construct cross-site scripting attacks and other mischief. The worst flaw of the bunch involves the possibility that external news readers or email clients …
This topic is closed for new posts.
Posted Friday 19th October 2007 14:24 GMT
Opera released 9.24 addressing the issues on Wednesday so your title is somewhat misleading. It would, of course, be interesting to know how long it took from the bugs being identified to the new version being released. This is a bit different from the usual IE bug reports which usually refer to still open flaws or even new bugs based on previous fixes.
Opera 9.5 will beta next week.
Posted Friday 19th October 2007 14:24 GMT
NOOOOOO
The fossfags told me this was made of diamond! The hardest metal known to man! How could it be vulnerable T_T
Posted Friday 19th October 2007 14:24 GMT
I'm sure this will be received and noted in a thoughtful way.
There will be no Fanboy blah blah i.e...blah blah...M$...blah blah Linux....blah blah Mozilla type petty flame ways.
Posted Friday 19th October 2007 14:24 GMT
All my installs of Firefox updated themselves yesterday evening, so patched before you'd even published the story.
How long does an IE user have to wait for a fix?
Posted Friday 19th October 2007 17:56 GMT
How is the fact that the vulnerabilities have been fixed BAD news? Because you have to download and install an update?
Quit yer whinin' and do some work for a change.
Posted Friday 19th October 2007 17:56 GMT
most of us are using the opera9.5 version, way, way faster...
Posted Friday 19th October 2007 17:56 GMT
"How long does an IE user have to wait for a fix?"
Assuming the flaw is addressed at all, it will be exploited the day after Patch Tuesday, and not fixed until the following month's Patch Tuesday.
Or it may just never be fixed, like so many long-standing IE flaws. Google for "unpatched IE flaw" and you'll get almost 41,000 hits. substitute "firefox" for "IE" and add "-IE" and you'll get 5,800. "unpatched opera flaw -IE" gets you 6,420 hits.
Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more dangerous than Firefox and 638% more dangerous than Opera.
Posted Friday 19th October 2007 17:56 GMT
Every browser suffers exploits. Long as they're fixed eh.
Posted Friday 19th October 2007 17:56 GMT
Funny, when I saw 9.23 was updated to 9.24, I knew it must be a security update. I downloaded it, but didn't run it yet. Guess I'll get to getting on with it!
Posted Friday 19th October 2007 18:13 GMT
What we are dealing with here, is that Adobe does not fix critical security bugs. That browser makers take precautions to prevent Adobe's bugs form causing damage should not be construed as the browsers having a security flaw.
Posted Friday 19th October 2007 18:13 GMT
Now I know why Firefox updated *yesterday*, thanks. And yes, it would be interesting to know how long it took them between hearing of the flaws and fixing them, since they had it fixed before I heard of them...
Posted Friday 19th October 2007 19:04 GMT
.
"All three bugs are addressed by upgrading to Opera version 9.24"
But I've been using the latest Opera 9.5 Alpha for some time, and, its been faultless.
Can't recommend it too strongly. Superb & fast.
Posted Friday 19th October 2007 21:47 GMT
You make "alternative" sound like the kind of lifestyle choice one's wayward, and still "single" auntie has made. Was this intentional? Hope so
Posted Friday 19th October 2007 21:47 GMT
Lynx, I don't have MS-Windows so Firefox isn't an alternative also it auto updated it's self last night so your a little late.
Posted Saturday 20th October 2007 13:25 GMT
All of these updates have happened for me by autoupdate, before I'd even heard of the bugs.
Anyway, despite all the bug reports, I've never had a problem with any of the major browsers (including IE), so there really is no need to panic.
Stop being so melodramatic.
Posted Saturday 20th October 2007 13:25 GMT
Hmmm, I don't think Dan Goodin is spreading fear, uncertainty and doubt by running a story about security updates to two browsers.
The fact is that both Opera and Firefox browsers get vulns fixed much more quickly than does IE. When I launched Firefox this morning (to read El Reg) it prompted me to install 2.0.0.8 - no fuss, job done.
This item appears on the same day as The Register's story ("IE + RealPlayer = Security hole") about yet another exploitable interaction between IE and other apps - and, once again, Active X is at the heart of it.
The story concludes: "Another option is to use Firefox as your primary browser, preferably along with the NoScript add-on." Sound advice, IMO.
I fully understand why the vast majority of non-tech home users browse with IE - it is the default browser when they buy a Windowes machine and no-one tells them there are better, safer alternatives. But I am astonished that genuinely tech-savvy users - as I presume most Register readers to be - champion IE over the alternatives.
Posted Saturday 20th October 2007 13:25 GMT
I think what you meant to say was.
Some really basic and deceptive statistical analysis thus shows that Internet Explorer is 700% more popular than Firefox and 638% more popular than Opera.
Posted Saturday 20th October 2007 13:25 GMT
That's why you should use AppArmor. Doesn't matter whatever exploits you throw at it, Fx is not going to get to any data it shouldn't get to.
Posted Saturday 20th October 2007 13:30 GMT
The 2.0.0.8 Thunderbird update doesn't seem to exist - their website still shows the latest version as 2.0.0.6.
Posted Saturday 20th October 2007 16:12 GMT
I like how Opera works, but until
it can actually open my Yahoo Mail and not crash it's no go for me.
I know Yahoo lies in bed with M$, but none the less
my email is with them and I can't be arsed to move.
I'll continue using IE for the time being.
It's easy to use. Web developers always make
sure their pages render with it. I can't remember
the last time I actually had a security problem with it
which is more than I can say for firefox, for all the updates
both of them get.
As a developer I know Firefox is probably better and possibly
more secure (until you start bolting on 101 bad plugins),
however as a user IE always takes the day for me.
Alot of firefox users are to eager to poo poo it but haven't used IE
full time in years.
Posted Sunday 21st October 2007 00:06 GMT
I read my yahoo mail 2 or 3 times a day using opera. It's never crashed yet.
Posted Sunday 21st October 2007 00:06 GMT
...in OLD versions of Firefox and Opera.
Is this really newsworthy? As long as they are fixed in the LATEST version, why does it matter?
Posted Sunday 21st October 2007 00:06 GMT
Bah!
Aint bothered about that.. they get fixed pronto... Wait till you get this shit.....
http://farm3.static.flickr.com/2236/1576719145_6aa6fe07ac_o.jpg
What chance of getting that fixed ?
Posted Sunday 21st October 2007 04:19 GMT
You can set konqueror to identify itself as a different browser for that site.
Settings - > Configure Konqueror -> Browser Identification -> The "New" button on the "Site Specific Identification" box should do the trick for you, there you are fixed
Posted Sunday 21st October 2007 07:53 GMT
All the FOSS lot whine and complain about Microsoft enabling auto updates by default to apply fixes to these kind of issues, but it's fine when Mozilla or Opera do it as 'They are fixing the problem'
Posted Sunday 21st October 2007 18:03 GMT
That didn't work (debian 64 here) but following your advice and experimenting I've sussed it.
Switched off Identification.
Roberts my Fathers brother.
MuchOS GraciOS
;-)
This topic is closed for new posts.
Back to the article
Transforming IT culture
Driving Situational Awareness:
Application Performance Management:
Ensuring service assurance in the new normal
