Opera 7.0 Security Holes ... Fixed
An anonymous reader writes "GreyMagic has issued five new security advisories for the recently-released Opera 7.0. They affect the security model, the javascript console, images, the history and the error log (allowing access to the history). A new version will be released within 24 hours to fix the holes, according to an article at The Register." Update: 02/05 02:01 GMT by T : An anonymous reader writes "Opera Software have just released Opera 7.01 for Windows. This version fixes the recently discovered security holes less than 24 hours after they were discovered - a very impressive turnaround! The release is currently only available on Opera's FTP site. It can be downloaded with Java (12.9Mb) or without (3.3Mb)."
Thank god I'm using IE!
Only the State obtains its revenue by coercion. - Murray Rothbard
I think this is long overdue. The last time I checked out opera, several people were murdered (including one by a barber - terrorists with nail clippers indeed!). On a previous excursion there was an actual war, culminating in the death of a cigarette girl. This kind of thing just has to stop, so the prospect of increased security is a welcome one. In the past the only evidence of surveillance has been a few people in fancy dress with cheap, tiny binoculars. That's just a recipe for anarchy.
Some ear protection would be nice too.
There are workarounds it says until the patch, just turn off javascript.. that gets rid of 4 of 5 holes. 5th hole is plugged by changing
m.replace(/\\/g, "\\\\" ) +
on line 52 of "console.html" in Opera's install dir with:
m.replace(/\\/g, "\\\\").replace(/"/g,"")+
I know it might not help much, but all Opera users should give Phoenix a shot.
:)
:) (yeah, kudos to Phoenix developers!)
I used Opera and I really like it very much as its efficiency and functionalities can really beat any other alternatives. However, I failed to get Java and Flash to work properly on Linux, it always has some glitches here and there. Opera works fine in this regard in Windows, though.
Then I gave Phoenix a try. To my surprise, not only do Java and Flash work flawlessly, its performance is even comparable to Opera! Although it doesn't have the same functionalities I'd find in Opera, I can install extensions to enhance its usability. Above all, it wouldn't give you annoying banner ads (yes I didn't pay for Opera
I just tell from my experience, and I've no association with Phoenix development team.
...that full disclosure of security issues is not in the public's interest. Opera has aggressively been working on the problems, and has released 7.01 which (AFAIK) fixes said problems. However, they did not have reasonable time to address each issue once found.
It's one thing when a company sits on an exploit for a month without even acknowledging it. It's another when a company acknowledges it, and requests a reasonable amount of time to make a fix, and regression test that fix. Sheesh, give these guys a break - they patched very quickly and from what it looks like it's a stable patch.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Programmer1: Ouch! Somebody just discovered some security holes in our browser!
Programmer2: Yeah, I saw that too. I was working on it all morning, but I believe I've fixed all the outstanding issues in our code. Now we just need to notify our user base.
Programmer1: Yup. You gonna call him, or should I?
*RIMSHOT*
I'm a web developer running Win2K on all my dev machines. I run Opera, IE, Netscape and Phoenix on a daily basis. I paid for Opera 6. I paid for Opera 7 while it was still in beta. I paid for them because I believe any company who can fit something as comprehensive as Opera 7 into a 3Mb download deserves a little recognition, and at least now if it all goes wrong and Opera disappears into obscurity, I won't feel like it was my fault. :)
Technically, it has its problems - although many of them aren't Opera's fault. Too many existing sites are developed for IE/Netscape instead of being built around standards. I fire up IE for non-Opera compatible sites at least a couple of times a day - online banking being the main culprit. And I still can't get my head around the Opera 7 mail client. Outlook Express ain't perfect, but at least I can find my mail...
Thing is, I *like* Opera. Opera's tabbed browsing is the best I've ever seen. Opera handles 99% of existing websites and about 1% of known security exploits. I like the interface, I like the philosophy behind it, I like the fact that it supports alpha-channel PNGs even though there's not a website on earth that uses them properly 'cos IE still won't support them. I like the fact that you can zoom a page visually as opposed to just enlarging the font size - really useful if you're running 1600x1200 on a 17" monitor and someone's hardcoded their text to be 8px high. And - to be perfectly frank - I just like the fact that *someone* is taking W3C standards seriously, and I think that's worth $39. In terms of hours-usage-per-dollar, Opera represents much better value for money than Quake III or Deus Ex, and I didn't feel like either of those ripped me off... :)
-- Open Source: It's mad, but you don't have to work here to help.
Wrote 'em an email complaining about their security-through-obscurity model, and had a reply back from a developer within ten minutes, pointing me to the FTP site with the fixed version...
:)
That's not a bad response at all, IMHO.
And no, I don't work for 'em - are they hiring at the moment?