Slashdot Mirror
Opera 7.0 Security Holes ... Fixed
An anonymous reader writes "GreyMagic has issued five new security advisories for the recently-released Opera 7.0. They affect the security model, the javascript console, images, the history and the error log (allowing access to the history). A new version will be released within 24 hours to fix the holes, according to an article at The Register." Update: 02/05 02:01 GMT by T : An anonymous reader writes "Opera Software have just released Opera 7.01 for Windows. This version fixes the recently discovered security holes less than 24 hours after they were discovered - a very impressive turnaround! The release is currently only available on Opera's FTP site. It can be downloaded with Java (12.9Mb) or without (3.3Mb)."
Opera 7 is nice but I am disinclined to put any new version of a browser on a critical computer. Other cautious types won't have been inconveienced greatly either.
I like mouse gestures, but I don't know what to make of the new spatial navigation feature. yet.
Last time there was a serious browser security problem KDE got Konqueror fixed by evening,Opera had fixes on one platform after a day and another platform after a couple of days, and Mozilla was about a sgood.
Many of my colleagues were still using the only major browser that took a week before anyone admitted they owned a problem, when the fix eventually came out.
"That aint free. That's ADWARE. Crap I dont want on windows OR Linux."
Um. Why not?
The ads in Opera are not:
- Popups
- Spyware
- Intrusive
A small area of the interface has a banner. That's it. It doesn't do anything unless you click on it, and sometimes you even get cartoons up there!
I'd understand your attitude if the ads were like what Kazaa does, but that's not even close to the case here. It's no more than going to a site with a banner at the top. Only, in this case, the banner is up and out of the way and not part of the page itself.
My only nitpick about it is I wouldn't mind using that space to have more room for shortcuts etc. That'd be the big benefit to paying for it, really. The ads just aren't of much concern.
Furthermore, in an application - the problem of cohesion and coupling will forever rise. Unfortunately, many applications have modules that are heavily linked so when you ask "What isn't affected?", you aren't considering how many applications are programmed. Frankly, if module A is broken, in many, many cases where the design team was on the project for two weeks and the coding team never even talked to the design team, this would mean that B - F are also broken. I'm not saying this is a problem with Opera but some security flaws in a given module will often result in flaws being found in others.
I hate liberals. If you are a liberal, do not reply.
They're crazy I tells ya!
...that full disclosure of security issues is not in the publics interest. Opera has aggressively been working on the problems, and has released 7.01 which (AFAIK) fixes said problems. However, they did not have reasonable time to address each issue once found.
It's one thing when a company sits on an exploit for a month without even aknowledging it. It's another when a company acknowledges it, and requests a reasonable amount of time to make a fix, and regression test that fix. Sheeshe, give these guys a break - they patched very quickly and from what it looks like it's a stable patch.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
I'm a web developer running Win2K on all my dev machines. I run Opera, IE, Netscape and Phoenix on a daily basis. I paid for Opera 6. I paid for Opera 7 while it was still in beta. I paid for them because I believe any company who can fit something as comprehensive as Opera 7 into a 3Mb download deserve a little recognition, and at least now if it all goes wrong and Opera disappears into obscurity, I won't feel like it was my fault. :)
Technically, it has it's problems - although many of them aren't Opera's fault. Too many existing sites are developed for IE/Netscape instead of being built around standards. I fire up IE for non-Opera compatible sites at least a couple of times a day - online banking being the main culprit. And I still can't get my head around the Opera 7 mail client. Outlook Express ain't perfect, but at least I can find my mail...
Thing is, I *like* Opera. Opera's tabbed browsing is the best I've ever seen. Opera handles 99% of existing websites and about 1% of known security exploits. I like the interface, I like the philosophy behind it, I like the fact that it supports alpha-channel PNGs even though there's not a website on earth that uses them properly 'cos IE still won't support them. I like the fact that you can zoom a page visually as opposed to just enlarging the font size - really useful if you're running 1600x1200 on a 17" monitor and someone's hardcoded their text to be 8px high. And - to be perfectly frank - I just like the fact that *someone* is taking W3C standards seriously, and I think that's worth $39. In terms of hours-usage-per-dollar, Opera represents much better value for money than Quake III or Deus Ex, and I didn't feel like either of those ripped me off... :)
-- Open Source: It's mad, but you don't have to work here to help.
I can't think of a single pice of software that meets those conditions. Not Linux, XFree86, KDE, GNOME, BSD, Apache, or even Hurd. Perhaps you should look up the true meaning of "public domain" (and possibly read the GPL).
It's hard to be religious when certain people are never incinerated by bolts of lightning.