Opera Multiple Vulnerabilities

Discussion in 'other security issues & news' started by ronjor, Jun 12, 2008.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,780
    Location:
    Texas
    Secunia
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The "safest" browser at this moment needs to be patched ? Is Opera already a target ? That's fast.
     
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    AFAIK, that a vulnerability is found doesn't necesarily mean that it's being exploited...
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not sure, but something must have happened to discover this vulnerability, unless there are good guys that search for vulnerabilities to patch it IN ADVANCE, before the bad guys get even a chance to exploit it.
     
  5. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum


    Erik, I believe the vulnerability is valid for versions prior to 9.5. Note the Solution...
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I know. I can read. I was just talking theoretically.
     
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I thought by "already" you meant the freshly baked 9.5 version...

    In many cases, this is the course of things. This is called a PoC vulnerability.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. Then my theory was correct. So there is more than one "Matousec" searching for vulnerabilities in softwares. :D
     
    Last edited: Jun 12, 2008
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Of course there is. Every decent vendor search for vulnerabilities (errors in code) in its own software. When found, patches are applied and a new build released as is the case here with Opera (or a standalone patch, as is the case with MS)

    I do not know if Matousec has direct access to code of a software he's testing (I assume not). He is doing his tests on a higher level, checking what features a certain firewall has and how are they implemented. He is not necessariliy checking for errors as most of the "flaws" he finds are there "by design", as in "they're meant to be there".
     
Loading...
Thread Status:
Not open for further replies.