My OperaThe My Opera forums have been replaced with forums.opera.com. Please head over there to discuss Opera's products and features
See the new ForumsThis topic has been closed. No new entries allowed.
You need to be logged in to post in the forums. If you do not have an account, please sign up first.
When will Opera Release a fix for the 0day exploit?
According tohttp://www.h-online.com/security/news/item/Critical-security-hole-in-current-version-of-Opera-1362504.html
it was reported about a year ago and is now released as metaspolit module, so exploiuts will start anytiome now..
http://spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html
Originally posted by sEveron:
why does it take the release of easily accessible version of the exploit to force the opera team to fix it
they had no info about the exploit so they couldn't fix it. The information previously provided was incomplete and applied only to an old version.
Originally posted by sEveron:
You know that this is a lie, and yet you continue to repeat it. The vulnerability that was reported 6 months ago was different. Look at the exploit code and see for yourself. So he lied, and you are promoting his lies.Bad decision making is bad. From my experience, we would rather get menu structure overhaul and another few useless features instead a fix for a hole allowing remote code execution THAT WAS REPORTED A YEAR AGO. Until I see this thing fixed, I'm browsing with chrome. Yeah.
It's just retarded of you to claim that a company with a security track record like Opera would randomly decide to refuse to fix just one single vulnerability for no reason whatsoever. Why on earth would they do that? Shame on you. Shame on you for your blatant lies, and your completely insane accusations.
Also, Opera has different teams working on different things. The UI developers will never touch the SVG handling code, so once again you make a fool of yourself.
Go away. Just go away.
Originally posted by sEveron:
Since the problem was with communication with the researcher, I'd say someone at the management level is to blame here. Someone at the management level could manage this thing better instead of being very busy with the latest opera bling.
You for some reason sound very bitter, did we not fix your pet bug or something?
Please read Sigbjørns reply to you again: http://my.opera.com/securitygroup/blog/show.dml/36705282#comment72845682
http://www.vivaldi.net
Made for community, not quarterly reports
21. October 2011, 06:20:57 (edited)
Originally posted by sEveron:
Originally posted by Slamdex:
You know that this is a lie, and yet you continue to repeat it.
...
he lied, and you are promoting his lies.
No, you believe it's a lie, I believe it isn't. Different code using the same exploit mechanics is the same exploit.
No, we know it's a lie because the exploit didn't work in the stable version at the time (the reporter has even failed to show that it did), and he had to change the exploit to get it working in a new version. The fact that he sat on this for several months proves that he kept failing to get it working, until he eventually found a way to do it.
Why else would he sit on this for several months?
Originally posted by Slamdex:
It's just retarded of you to claim that a company with a security track record like Opera would randomly decide to refuse to fix just one single vulnerability for no reason whatsoever.
Why on earth would they do that?
It's not retarded, it's realistic. There is always a reason for every failure. Of course they didn't "refuse" to fix the issue. They just failed to establish sufficient communication to do it.
There was no way to establish sufficient communication to do it because the reporter refused to communicate. Also, the vulnerability did not affect the latest stable version of Opera, so there was no more information anywhere in the first place.
But that's not the issue here. The issue here is that he claimed that they actively refused to fix it. And you followed up by actively lying, also claiming that they actively refused to fix it:
"From my experience, we would rather get menu structure overhaul and another few useless features instead a fix for a hole allowing remote code execution"
As you can see, you are still being caught contradicting yourself, meaning that you are making up stuff on the spot. It means that you have been caught lying again as well.
The fact remains that communication was not achieved. The party most interested in the issue, Opera, would be the one that should obviously put greater pressure on it.
You are dishonestly trying to change the subject. The issue here is that he claimed that Opera actively refused to fix it. You even kept parroting this lie, while at the same time trying to change the topic because you realized that
I don't really believe they did everything they could in this matter, because if they did, the communication would be established.
Wrong. It is impossible to communicate with someone who refuses to communicate. We see this even today. The reporter keeps spreading lies in public despite being caught red-handed multiple times.
Since the problem was with communication with the researcher, I'd say someone at the management level is to blame here. Someone at the management level could manage this thing better instead of being very busy with the latest opera bling. It's about company focus.
Your dishonesty is astounding. You are nothing but a troll.
Forums » General Opera topics » Security and privacy in Opera