Discussion in 'other security issues & news' started by ronjor, Jun 12, 2008.
The "safest" browser at this moment needs to be patched ? Is Opera already a target ? That's fast.
AFAIK, that a vulnerability is found doesn't necesarily mean that it's being exploited...
I'm not sure, but something must have happened to discover this vulnerability, unless there are good guys that search for vulnerabilities to patch it IN ADVANCE, before the bad guys get even a chance to exploit it.
Erik, I believe the vulnerability is valid for versions prior to 9.5. Note the Solution...
Yes, I know. I can read. I was just talking theoretically.
I thought by "already" you meant the freshly baked 9.5 version...
In many cases, this is the course of things. This is called a PoC vulnerability.
OK. Then my theory was correct. So there is more than one "Matousec" searching for vulnerabilities in softwares.
Of course there is. Every decent vendor search for vulnerabilities (errors in code) in its own software. When found, patches are applied and a new build released as is the case here with Opera (or a standalone patch, as is the case with MS)
I do not know if Matousec has direct access to code of a software he's testing (I assume not). He is doing his tests on a higher level, checking what features a certain firewall has and how are they implemented. He is not necessariliy checking for errors as most of the "flaws" he finds are there "by design", as in "they're meant to be there".
Separate names with a comma.