The first exploit of Opera 10.5x or is it another false alarm?

27. April 2010, 18:22:50

jimmy_tsatsos

Posts: 26

The first exploit of Opera 10.5x or is it another false alarm?

http://secunia.com/advisories/39590/ same story as http://secunia.com/advisories/38820/ ????

Opera response for Secunia Advisory SA38820
"Our updated conclusion is that the original test-case is not a security issue, but for Secunia's modified test-case there is a theoretical possibility that an attacker could set up conditions so that arbitrary code can be run, and it is therefore a security issue. However, we think it is unlikely that this can be done in a predictable fashion. We also determined that the problem only existed in our Windows version."
Taken from the-malformed-content-length-header-security-issue

How will Opera respond this time?

Hope this time the Opera Developers will provide a fix quicker than the last time, even if it is not an exploitable vulnerability.

27. April 2010, 19:51:11

prd3

Posts: 928

Originally posted by jimmy_tsatsos:

"How will Opera respond this time?"


The way they always respond: Fix it quickly.

"Hope this time the Opera Developers will provide a fix quicker than the last time"


They fixed it quickly last time, and the time before that, and the time before that, etc. Opera was found to be the fastest to fix vulnerabilities out of all browsers.

27. April 2010, 21:22:35

jimmy_tsatsos

Posts: 26

Secunia Advisory SA37182 28/10/09 response Opera 10.01 28/10/09 same day!
Secunia Advisory SA37431 20/11/09 and Secunia Advisory SA37469 23/11/09 response 10.10 goes final 23/11/09 3 days and same day!
Secunia Advisory SA38546 11/02/10 response Continued stabilization (Beta) 22/01/10 this one was known by Opera way before Secunia showed it on their site, but Opera fixed it with Opera 10.50 for Windows is released 02/03/10 a little late (but it was not a critical one)!
Secunia Advisory SA38820 04/03/10 (Highly critical) response On a roll: Opera 10.51 for Windows released 22/03/10 personally I am not happy with this one, because Opera claimed that it was not a security issue and instead of fixing it so that nobody could say anything they fixed it 18 days after.

I know that Opera always quickly fixes any exploit found, and even the 18 days is a quick fix, but this is my personal opinion:
Opera almost always fixes exploits in at most one week, that is why I am not happy with any delay!

27. April 2010, 21:36:15 (edited)

ytsmabeer

Frisian translator of Stuff

Posts: 1898

Opera has been the fastest in fixing last year. As it looks, an exploit was first discovered on Safari and Chrome and when tested with Opera a different exploit was found.

27. April 2010, 21:57:44

Tuttle

Posts: 20

Question is, did they look at the memory after running this JavaScript infinite loop thing?

Because they may just see there is a DoS (crash of the browser) because of bad memory.
But whatever, just do an infinite loop in Opera or other browsers and I guarantee you could not use them.

27. April 2010, 22:01:05

Araiel

Posts: 82

Do these people even report the vulnerabilities to Opera ASA before publishing them all over the internet? Am I the only one who thinks it's a little strange that these vulnerabilities are so often published on the same day a new Opera version is released, and always after the release?

I hope it can be fixed quickly if it's a real vulnerability this time.

27. April 2010, 23:11:57

Tuttle

Posts: 20

Yep, I thought it was strange too.

28. April 2010, 14:47:33

jimmy_tsatsos

Posts: 26

Well done Opera for fixing CORE-29447, but the real question is "is it or is it not an exploitable vulnerability?"

Hope we will find out soon since the Devs are investigating the issue.
