My OperaYou need to be logged in to post in the forums. If you do not have an account, please sign up first.
Site Claiming Serious New Java Flaw
See"Serious New Java Flaw Affects All Current Versions of Windows"
http://threatpost.com/en_us/blogs/serious-new-java-flaw-affects-all-browsers-040910
1. Some people do need Java in their browsers.
2. Having Java on when not needed clearly seems now like an unreasonable risk.
Opera should make top priority returning the selection of Java off and on to Opera.
They have..... A new version of browser.js has been issued which includes blocking the dll's responsible for this flaw. It will be installed automatically next time your browser checks for new versions (every week) or immediately if you do a 'help/check for updates'. There is a thread about this in the security forum.
Opera is probably the first browser to have a patch for this (un-exploited) flaw...
Opera is probably the first browser to have a patch for this (un-exploited) flaw...
Qustions:
1. Is the new browser.js identifed in some way by a version number of some sort?
2. With what versions of Opera will the new browser.js work?
3. For those who have turned updates off to keep out 10.5, how can one manually download the file?
3. Can you install it by simply copying over to the directory where the prior browser.js was and restarting?
1. Is the new browser.js identifed in some way by a version number of some sort?
2. With what versions of Opera will the new browser.js work?
3. For those who have turned updates off to keep out 10.5, how can one manually download the file?
3. Can you install it by simply copying over to the directory where the prior browser.js was and restarting?
You won't be offered a new version of the browser when you check for updates (unless you are using a version before 10.51). But that is not the point. Whenever you do a 'check for updates' it will automatically update the browser.js file regardless of whether there is a new version of the browser itself. The two are not related, browser.js will work on all versions of the browser.
See http://my.opera.com/sitepatching/blog/2010/04/12/small-update-with-some-new-patches and http://www.opera.com/docs/browserjs/
Such a quick and simple thing to do it is hardly worth not doing it...
See http://my.opera.com/sitepatching/blog/2010/04/12/small-update-with-some-new-patches and http://www.opera.com/docs/browserjs/
Such a quick and simple thing to do it is hardly worth not doing it...
17. April 2010, 07:56:05 (edited)
Mod edit: Off-topic comment removed. Please do not hijack other people's threads.
Roedy Green, http://mindprod.com
jlorentz: I've stayed with 10.10 on m main machine, disallowing updates to 10.5x for now. However, I have done Check for Updates without updating browser version to keep browser.js up to date, so I think I'm in the position you're asking about.
My browser.js, which is in "C:\Documents and Settings\spantham\Application Data\Opera\Opera100\browser.js" contains the line
var bjsversion=' Opera Desktop 10.00 core , April 12, 2010 ';
This version obviously works fine with 10.10.
I update the file by doing a Check for updates, carefully unticking the box that would let Opera update in future without my say-so, and carefully not accepting the offer to upgrade. If you have blocked the server in your hosts file, you obviously need to unblock before and reblock after doing this.
I don't know whether getting a copy of the current browser.js and copying it in manually would work cleanly. I would guess so.
I went to the JavaWS vulnerability test site described in the original advisory http://seclists.org/fulldisclosure/2010/Apr/119 to see what would happen. Using Opera 10.10 with the current browser.js, nothing much did. I got a blank page with "Loading applet". I tried the same thing with Firefox, and ZoneAlarm piped up warning me to go no farther.
My browser.js, which is in "C:\Documents and Settings\spantham\Application Data\Opera\Opera100\browser.js" contains the line
var bjsversion=' Opera Desktop 10.00 core , April 12, 2010 ';
This version obviously works fine with 10.10.
I update the file by doing a Check for updates, carefully unticking the box that would let Opera update in future without my say-so, and carefully not accepting the offer to upgrade. If you have blocked the server in your hosts file, you obviously need to unblock before and reblock after doing this.
I don't know whether getting a copy of the current browser.js and copying it in manually would work cleanly. I would guess so.
I went to the JavaWS vulnerability test site described in the original advisory http://seclists.org/fulldisclosure/2010/Apr/119 to see what would happen. Using Opera 10.10 with the current browser.js, nothing much did. I got a blank page with "Loading applet". I tried the same thing with Firefox, and ZoneAlarm piped up warning me to go no farther.