Slashdot Mirror

← Back to Stories (view on slashdot.org)

Opera 7.0 Security Holes ... Fixed

Posted by timothy on from the fat-lady dept.

An anonymous reader writes "GreyMagic has issued five new security advisories for the recently-released Opera 7.0. They affect the security model, the javascript console, images, the history and the error log (allowing access to the history). A new version will be released within 24 hours to fix the holes, according to an article at The Register." Update: 02/05 02:01 GMT by T : An anonymous reader writes "Opera Software have just released Opera 7.01 for Windows. This version fixes the recently discovered security holes less than 24 hours after they were discovered - a very impressive turnaround! The release is currently only available on Opera's FTP site. It can be downloaded with Java (12.9Mb) or without (3.3Mb)."

2 of 291 comments (clear)

  1. So let me get this straight. . . by Rojo^ · · Score: 0, Redundant

    There is no law that says web browsers have to have lots of security flaws that can remain published for several weeks before patches are issued on an obscure web page? Pshh, next thing I'll see will say my MS servers are poorly secured.

    (someone had to be the first to say it. . .)

    --
    <:
  2. Not fixed in 24hours by friday2k · · Score: 1, Redundant

    Opera knew earlier about them. From a Bugtraq post:
    For the five advisories posted today concerning Opera 7, I have not seen and information on when and how Opera Software was notified of the problems, and if they were/when planning for a fixed release.

    Alright, after reading:

    http://my.opera.com/forums/showthread.php?s=9034 e4 c94d7495e8166839fd2b242753&threadid=10657

    and:

    http://theregister.co.uk/content/55/29177.html

    It looks like Opera Software was notified 1/31, and asked for the announcement to be delayed until 1/6.

    Was there a good reason to post the vulnerabilities today rather than thursday?