Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security

Opera 7.0 Security Holes ... Fixed 382

An anonymous reader writes "GreyMagic has issued five new security advisories for the recently-released Opera 7.0. They affect the security model, the javascript console, images, the history and the error log (allowing access to the history). A new version will be released within 24 hours to fix the holes, according to an article at The Register." Update: 02/05 02:01 GMT by T : An anonymous reader writes "Opera Software have just released Opera 7.01 for Windows. This version fixes the recently discovered security holes less than 24 hours after they were discovered - a very impressive turnaround! The release is currently only available on Opera's FTP site. It can be downloaded with Java (12.9Mb) or without (3.3Mb)."
This discussion has been archived. No new comments can be posted.

Opera 7.0 Security Holes ... Fixed

Comments Filter:
  • Wow (Score:5, Funny)

    by ArchieBunker ( 132337 ) on Tuesday February 04, 2003 @08:10PM (#5227848)
    Thank god I'm using IE!

    • Yes (Score:3, Informative)

      by damiam ( 409504 )
      Thank god! [pivx.com]



      Yes, I know the parent was sarcastic.

  • Seems like that list would be shorter.
    • Jigga Who? (Score:4, Insightful)

      by Acidic_Diarrhea ( 641390 ) on Tuesday February 04, 2003 @08:28PM (#5227963) Homepage Journal
      That's nonsense. Today's browsers are taking on more and more functionality and becoming all-in-one wonders. Frankly, I want a small and sleek browser that just browsers and so I stay away from all the suite-based contraptions but, that being said, even a relatively clean browser like Opera has many components and each component has a lot to it. So saying there is a bug in the security model really doesn't tell you, the layman, anything because you don't know if an entire rewrite of the model is required or a five lines of error checking are needed.

      Furthermore, in an application - the problem of cohesion and coupling will forever rise. Unfortunately, many applications have modules that are heavily linked so when you ask "What isn't affected?", you aren't considering how many applications are programmed. Frankly, if module A is broken, in many, many cases where the design team was on the project for two weeks and the coding team never even talked to the design team, this would mean that B - F are also broken. I'm not saying this is a problem with Opera but some security flaws in a given module will often result in flaws being found in others.

  • That was quick (Score:4, Insightful)

    by midgley ( 629008 ) on Tuesday February 04, 2003 @08:14PM (#5227870) Homepage Journal
    Opera 7 is nice but I am disinclined to put any new version of a browser on a critical computer. Other cautious types won't have been inconveienced greatly either.

    I like mouse gestures, but I don't know what to make of the new spatial navigation feature. yet.
    Last time there was a serious browser security problem KDE got Konqueror fixed by evening,Opera had fixes on one platform after a day and another platform after a couple of days, and Mozilla was about a sgood.

    Many of my colleagues were still using the only major browser that took a week before anyone admitted they owned a problem, when the fix eventually came out.

    • Here's a Tip (Score:3, Insightful)

      by simetra ( 155655 )
      You shouldn't put any browser on a Critical Computer.
      • Re:Here's a Tip (Score:2, Insightful)

        by gmuslera ( 3436 )
        Unless some genius take that choice for you and integrate the browser with a gui that you can't avoid to load, or integrated browser DLLs with the web server.

        There you must redefine critical or ban certain commonly used operating systems from critical systems (I like the second choice :)
      • Our definitions of criticality and advsable behaviour may differ. We are both right, of course.

        I'm a medical doctor.

        My desktop computer is critical.

        I need to look up stuff from our internal and external knowledge stores like the Dermatology advice (no URL offered by me!), and national electronic library for health [nelh-pc.nhs.uk] GP Notebook [gpnotebook.co.uk] and the US NIH, University of Iowa virtual hospital, that sort of stuff, while I'm dealing with patients.

        In due course I may need to order (we say request) tests or further opinions which are accessed via a browser.

        I think I need a browser on my critical computer.

        I can do it by using the VNC session I maintain to the Linux machine on the network, and running the browser on that, but that makes cut and paste, and triggering a browser from a database noticeably more difficult.

  • About time (Score:5, Funny)

    by Anonymous Coward on Tuesday February 04, 2003 @08:14PM (#5227872)
    I think this is long overdue. The last time I checked out opera, several people were murdered (including one by a barber - terrorists with nail clippers indeed!). On a previous excursion there was an actual war, culminating in the death of a cigarette girl. This kind of thing just has to stop, so the prospect of increased security is a welcome one. In the past the only evidence of surveillance has been a few people in fancy dress with cheap, tiny binoculars. That's just a recipe for anarchy.

    Some ear protection would be nice too.
  • Would BUY a web browser? These things are commodity now in the terms of operating systems. We have IE and Mozilla for Windows, KHTML and Mozilla for Linux, and IE and Mozilla and KHTML for Mac.

    We have Mouse gestures for Moz by plugin, Tabbed bowsing for Moz and Konq, and any other feature deemed ok can easily be added in to Mozilla (either by source adds or plugins).

    Can somebody answer me why someone would buy a web bowser these days?
    • by Tyler Eaves ( 344284 ) on Tuesday February 04, 2003 @08:17PM (#5227888)
      You've obviously never used Opera. Besides, you don't HAVE to buy it. If you can put up with a small, non-flashing banner ad, it's totally free as in beer.
      • ---You've obviously never used Opera.

        Dont assume. You make an ass out of you and me.

        ---Besides, you don't HAVE to buy it. If you can put up with a small, non-flashing banner ad, it's totally free as in beer.

        That aint free. That's ADWARE. Crap I dont want on windows OR Linux.

        Now how about some decent features that opera has that all others dont that make opera worth something like 20$ or 30$ (whatever it is now).
        • Erm, last time I checked, 'Free as in Beer' means that it doesn't require monetary payment.
        • by Anonvmous Coward ( 589068 ) on Tuesday February 04, 2003 @08:26PM (#5227953)
          "That aint free. That's ADWARE. Crap I dont want on windows OR Linux."

          Um. Why not?

          The ads in Opera are not:

          - Popups
          - Spyware
          - Intrusive

          A small area of the interface has a banner. That's it. It doesn't do anything unless you click on it, and sometimes you even get cartoons up there!

          I'd understand your attitude if the ads were like what Kazaa does, but that's not even close to the case here. It's no more than going to a site with a banner at the top. Only, in this case, the banner is up and out of the way and not part of the page itself.

          My only nitpick about it is I wouldn't mind using that space to have more room for shortcuts etc. That'd be the big benefit to paying for it, really. The ads just aren't of much concern.
      • You've obviously never used Opera

        Well, I have, and I'm plenty happy with Gecko-based browsers, thanks.

        Opera's UI is like a trip into some magical fairy land, where every little UI-related feature request that any user ever made has been granted! The result?

        FUCKING BEDLAM.

        Opera is practically unusable, thanks to its fantastically confusing and inconsistant UI. This is a shame, since its actual HTML engine is no slouch. It's no Gecko when it comes to standards compliance, but it's pretty good in 7.0. A shame that they can't make a Galeon/K-meleon simple interface to the damn thing. Opera-lite, anyone? I might actually be interested in such a thing, especially for lower end machines.
        • by Ilgaz ( 86384 )
          People, who love it , use it. Advertising supported or buying it actually.

          Whats your fucking deal with a browser you hate that much and prefer AOL/Gecko based browsers?

          I mean, we use it. They listen to their CUSTOMERS (customers also include people didn't crack the browser, viewing ads), add the features to browser.

          Go back to your mozilla compiling or something, geez, 6 million downloaders of Opera 7 are happy or they are sending feedbacks with a clue to Opera so browser is improving.

          I never remember myself running and posting crap about Netscape 7 which in my eyes, a failed project.

          Opera 7 also showed that if you start from strach, the program doesn't have to get bigger or suck. You get what I mean? ;-)
    • by Anonvmous Coward ( 589068 ) on Tuesday February 04, 2003 @08:19PM (#5227901)
      "Can somebody answer me why someone would buy a web bowser these days?"

      I paid for Opera, and I have 0 regret about that. Opera has, in my opinion, the best user experience. (UI, etc...) Did I have to buy it? No. They have an ad-supported version for free. However, I would like to encourage them to continue down their road towards maintaining the best UI.

      IE 6 is not significantly different from IE5. Though they're free, they do not provide the same evolution that Opera 7 has in relation to Opera 6. Unfortunately, when you aren't making money on your browser, what's your incentive to compete?

      BTW, as long as you're using the Ad-supported version of a browser, you are, in a sense, paying for it. Might as well clear that up now.
      • I'm currently trying out Opera, and I have to say I've found it more buggy than IE6.
        I love the mouse gestures, but the cookie handling is rubbish, and the page size is buggy; if I load a long /. article, I'm forced to view it at 100% size or lower, as above that, the screen goes all screwy.
        And the bookmark folders: if you're trying to move a folder up above another in a line of several folders, it will only let you put the folder INSIDE the above folder. That's a bit messed up.
        As it stands, I'm not paying £25 for something this poorly implemented.

        But I love the mouse gestures. :)
      • Unfortunately, when you aren't making money on your browser, what's your incentive to compete?
        Which browser are you talking about here? It couldn't be IE because Microsoft is betting the company (their words) on .NET, and I think IE will be just a tad instrumental in the success of .NET. Likewise, I don't think anyone could doubt the incentive of Mozilla developers to make thir product better (just look at the results). Same thing for Konqueror. Apple is on the same boat as Microsoft in a way. They want integrated apps that do no rely on the mercy of Microsoft so that they can sell their hardware. Hence, they are developping their own browser based on KHTML. As far as I see all the major browsers are being competitive and providing the features deemed important to their goals (i.e. Microsoft doesn't gain anything by blocking popups in IE -- on the contrary it wants companies to use and sanction IE when they see that they can shove their crap on us more easily). [end of rant]
    • Anyone buying a wintel box that comes with MS product pre-loaded, that's who. Dont' get me going about the definition of 'right mind' :)
    • "Who in their mind Would BUY a web browser?"

      Well, the answer to your question is very simple. Opera, in my opinion, is the best browser out there--better than any free browsers. They only way I can use opera (without bothering with adverts) is to pay for it. Slashdot can be had for free, but some people pay for it. Same thing.
      • Bear in mind, that $39 is the max you'll pay for one licence.

        It's $15 for an upgrade from Opera 6

        It's $20 if you don't have a copy, but can prove (via scanned jpg of student ID card) that you are a student.

        While it's great to use free as in free, software, when a product as good as Opera comes along, it's worth the price. Shareware games are great, but I think most of us have no qualms about spending $40-50 for Doom III

        Tabbed browsing, mouse gestures, zoom in and out, and best of all, save all tabbed pages, including the history for each tab, AND the position down the page, upon exit or even upon a crash.

        The ability to restart exactly where you left off is worth the price alone, just for the time it's saved me over the year I've used it.
    • Mozilla is slow as molasses on anything less than a Ghz+ machine.

      IE is so full of holes, and no feasible way to kill popups short of crippling the browser.

      Your point again was?
    • There are many reasons I like Opera. Here are a few:
      • It's not Microsoft or AOL/TW
      • Mouse gestures are nice
      • Tabbed browser windows are great
      • Easily installed skins and color schemes are fun
      • Email client is nice
      • CSS that doesn't work in IE appears to work in Opera
      • Ability to EASILY turn on/off pop-up windows, including ability to allow requested-only.
      • Many, many customizable features
      • Speed. Always faster than IE

      Those are the main reasons. It's well worth the small price to get a browser with so many good features. I find it amazing that anyone chooses to use IE!!!!

    • I paid for one about one year ago today. I did not even have to pay for it.

      iCab, for the Mac, is still in Preview release form. Eventually they hope to start charging for the final release. When they opened up an optional payment system, I grabbed my credit card the first hour I heard about it.

      Why? I like iCab. It does what I want it to. It has feature integration unlike any other browser I have seen. It was one of the first to block pop-ups. Its built-in ad filtering is still next to none, and it had that years ago. The level of control over the browser is simply amazing in a fairly easy to use preferences dialog box (instead of entering information into a text window a la Mozilla and others).

      As a point of comparison, I have used Mozilla, IE, K-Meleon, Chimera, Safari, and others.

      iCab has its drawbacks, for certain (CSS rendering), but it is good enough to warrant me giving money for its continued development.

      I suppose I am just willing to pay for quality.
    • by joebp ( 528430 ) on Tuesday February 04, 2003 @08:48PM (#5228069) Homepage
      Would BUY a web browser?
      The same people who go around buying other software.

      They're crazy I tells ya!
    • by Sheriff Fatman ( 602092 ) on Tuesday February 04, 2003 @09:21PM (#5228207) Homepage

      I'm a web developer running Win2K on all my dev machines. I run Opera, IE, Netscape and Phoenix on a daily basis. I paid for Opera 6. I paid for Opera 7 while it was still in beta. I paid for them because I believe any company who can fit something as comprehensive as Opera 7 into a 3Mb download deserve a little recognition, and at least now if it all goes wrong and Opera disappears into obscurity, I won't feel like it was my fault. :)

      Technically, it has it's problems - although many of them aren't Opera's fault. Too many existing sites are developed for IE/Netscape instead of being built around standards. I fire up IE for non-Opera compatible sites at least a couple of times a day - online banking being the main culprit. And I still can't get my head around the Opera 7 mail client. Outlook Express ain't perfect, but at least I can find my mail...

      Thing is, I *like* Opera. Opera's tabbed browsing is the best I've ever seen. Opera handles 99% of existing websites and about 1% of known security exploits. I like the interface, I like the philosophy behind it, I like the fact that it supports alpha-channel PNGs even though there's not a website on earth that uses them properly 'cos IE still won't support them. I like the fact that you can zoom a page visually as opposed to just enlarging the font size - really useful if you're running 1600x1200 on a 17" monitor and someone's hardcoded their text to be 8px high. And - to be perfectly frank - I just like the fact that *someone* is taking W3C standards seriously, and I think that's worth $39. In terms of hours-usage-per-dollar, Opera represents much better value for money than Quake III or Deus Ex, and I didn't feel like either of those ripped me off... :)

    • by nil_null ( 412200 ) on Tuesday February 04, 2003 @09:31PM (#5228241) Homepage
      Would BUY a web browser? These things are commodity now in the terms of operating systems. We have IE and Mozilla for Windows, KHTML and Mozilla for Linux, and IE and Mozilla and KHTML for Mac.

      Well, I use Opera now and then to see how its progressed. I've never really liked it enough to pay money for it. Though I've been using Mozilla ever since 1.x, I've been trying out different browsers lately, just to see what I'm missing. Tried Phoenix, which is just Mozilla lite, but I like what they did with it, so I stuck with that for a while. Then I tried Opera 6, for a bit, found it to be pretty quick, and then installed Opera 7 when it was released. It gives you a two-week trial where you don't have the banner ad (otherwise I wouldn't be able to stand it).

      Opera 7 is simply faster than all the others. Loading pages directly is faster, and page caching is also much faster. I turned off my disk cache (using it at work), and have only a 2MB memory cache, yet it still does the trick. Zooming is nice, it zooms everything including images, not just text. It took me a while to get used to the keyboard controls, but once I got them, they work well, and are general one keypress, rather than a two-key combo. There are many little features that are extremely useful. For example, do a Google search. To go to the next page of results, press CTRL-Right. I think this works on other webpages, too. When you close your browse (which I do often by mistake), it keeps track of all the pages you have open. Opera has had this feature for years. Why has no other browser caught on?

      But, in the end, I agree with you. I'm not going to buy Opera 7, though I admit it is in many ways better than the rest. I browse on too many different computers, buying one or two licenses simply won't be enough. I'm using Mozilla under Linux right now, because Opera for Linux is not up-to-date feature-wise. Once my two-week trial for Opera 7 ends on my machine at work, and the banner ad shows up, I'm just going to switch back to Mozilla/Phoenix. They can easilly replicate the really good features of Opera, though the sheer performance they can't touch, at least not without a great deal of work. Maybe Konqueror has a better chance at achieving this. If I only browsed on one computer, I would be tempted to buy Opera 7, but even then I wouldn't be sure, because what if a few months later one of the free browsers surpasses Opera and I switch to that? I'll have wasted my money.

      Yes, browsers should be free. Though I can understand why some people have bought Opera. It simply a great product.
    • I see people flaming me in general saying "If you dont like it, dont buy it". That's not the point. The point is that certain software is like commodity goods. When (if) we purchase Windows, we expect an IP stack to come with it. We also want other software to allow BASIC functionality.

      In yesteryears (say, Win3.X) you had to buy software that would cover basic network protocols and provide a connection by dialup software. You also expected, with this telecom suite, to have clients for the average services. I'm thinking of NetChameleon. Of course once the net started to get big, MS realised that they should include tools (yes, inferior, but they worked) that gave you connectivity.

      What I'm saying is since Web browsers have joined that 'commodity' listing (along with Messaging clients, file sharing clients, music/video players....) why pay for it? I do understand paying for value-added-features, but how many features can you add to a browser (and not have it look like an abomonation of kludge). I also relate this to the argument of word processors: how many different ways are there to re-organize a marked up text document?

      I see this question of paying for browsers as the same as paying for a network stack or a 'better filesystem'.

      NOTE: There are some things that will never be considered in this commodity group. Games, law-software (taxes and like), vertical software... The games may be open source, but will probably be really old or just plain warez'ed. Law related software has to be updated every year. You pay for the updates to the changes to the law code. And last, unless of some strange fluke (some license doesnt work out), I bet that most vertical software will not be open to the public.
      • Don't know about you, but I've used the commodity versions of browsers.

        They suck.

        I've been using Opera 6.x for a while and I like it.

        Best piece of software I've bought in a long time.

        Ever try printing with IE? FOr a company that can produce a good spreadhseet (with good printing options) and a decent word processor (again, with decent printing options) why can't they figure out how to print from a webbrowser?

        ANd as for Mozilla, well, not impressed. All the wiz, and none of the bang.
    • I was actually using Mozilla with tabbed browsing for awhile. When Opera 7.0 went final I went backed to it. Opera just feels faster and more responsive. One thing I noticed with tabbed browsing in Mozilla is it doesn't save your forward and back history. Not truly saving your session. So in Opera I may have clicked on a /. article and when done I hit the back button. Well if I close Opera while still in the article. Next time around I can still press the back button. Mozilla would lose that history. Just a little annoyance. There may be a way to set it and I just missed it. But hey Mozilla is a great browser, I enjoy using. I just like Opera better. Running at 1600x1200 I barely even see the Opera ad bar.
    • Because I bought.

      Those "features" you speak about are invented by Opera. Thanks to people with twisted mind buying this browser so they can pay their programmers and they can code those.

      Many "morons" like me buy so, they are getting profitable and continueuing to invent new features for Opera and providing support for newbies.

      (I don't know why I replied at all)
    • I could be wrong but im pretty sure you PAY for IE when you purchase Windows.. You did pay for your copy of Windows didnt you?
    • Me (Score:3, Interesting)

      And I'm at least mostly in my right mind.
      • Opera is fast
      • User stylesheets are useful in all sorts of ways
      • Quick download kicks arse
      • Better tabbed browsing (drag and drop ordering, more freedom generally)
      • Opera is lightweight yet full featured. It doesn't require additional plugins on top of an already enormous browser for gestures etc.
      • Set up well for keyboard usage (though there are some issues that crept into 7.00).
      • Oh, and it's fast.
      The amount of time I spend in front of a browser means that purchasing Opera is truly an investment that pays off.

      Sure, I could make do with another browser (and I do like Mozilla and Pheonix and Galeon) but on Windows I use and buy Opera because I don't want to settle for (what I consider to be) second best.

      Sometimes things cost money. My home wireless network cost a great deal more than a cat 5 cable but I'll be buggered if I'm going to give up the convenience that wireless brings and compared to that Opera is a bargin, particularly with half priced upgrades.
    • Nothing is free. IE is free because a company is attempting to leverage the front end browsers to control and dominate back end server sales. Netscape which sold browsers was forced to follow suit to stay "competitive," and concentrate on back-end issues. This led to the open sourcing of Netscape Navigator, because Netscape could no longer afford to keep up development on Navigator. OS Navigator begat Mozilla, etc. iCab is currently *still* in beta, and the developers have chosen the high road of not charging until it is finally done. I'm not sure of the history of Konqueror / KHTML, but I believe it evolved out of a desire to increase the functionality of the basic file interface.

      I distinctly remember Microsoft licenced the original I.E. code from a third-party company under a profit sharing agreement, then turned around and gave the browser away. I can't seem to find the information right now, but a lawsuit was most definitely involved, and that free I.E. lunch started off of the backs of someone's hard work.

      None of this has anything to do with why dedicated hard work should not have any value at all... If anything, the existance of Mozilla as an alternative to I.E. on many platforms shows the value of browsers, so much so that people are willing to donate significant periods of time to developing them.

      From a practical perspective, there are still many reasons to use Opera. Besides being smaller and faster than Mozilla (not a particularly difficult task), Opera also saves your currently viewed pages, so that when it (or the system it is on) crashes, one can resume reading wherever they happened to be without a hitch. When Mozilla crashes, you have to re-surf back to where you happened to be, if you can remember. You can save sets of windows, and open sets with a single mouse click. You can search google in the http box by typing g, or ebay with e, or find with f. The interface is rediculously reconfigurable, for easy maximizing of accessability or interface.

      Why buy a web browser? Because you find value in someone else's work. Because you find enough value in your time to pay money. In any market, you pay for commodities, and premium commodities are available. I.E. is paid for through higher costs in other markets. Mozilla is paid for by the community, through the community. Opera is a premium product, and is paid for by people who put a premium on refinements to an established formula.

      Coders will always cost money. If you don't value the product of programmers, that's fine. Free e-mail programs also exist, but people will continue to use Eudora or TheBat! because some people value the quality of an experience over a small quantity of money.

      Your decision will vary... that's why there is options. Money is not everything.

      -Chris
    • Can somebody answer me why someone would buy a web bowser these days?

      Because it's important to you to have the best browser you can find for your daily work.

      Who the hell would pay for a text editor these days? They've been around -way- longer than a web browser, but there's still a commercial market for them. Some people like Textpad 32, some people like UltraEdit, others prefer the MS suite for editing their code, whether or not it actually need an IDE. They just -like- it and it makes their day flow much easier.

      I've given Opera a shake-down, as I used to test things against it occasionally when I did web development, but I saw nothing about it to draw me away from Mozilla. I like Moz -- just becaue I can run it on any platform I have to work with. That's it. Sure, I can with Opera too, but I don't see a good reason for me to switch. I spend only .5 to 1 hour a day at work on the web researching, and I'm so comfortable with Mozilla that I don't wish to re-learn another browser.

      My text editor -- that's a whole new story. When I'm coding, I gotta have vim -- and when I'm not coding (like at my current job) I've gotta have vim for editing config files. I can't switch, at least not when I know I'll be on that same box again in a week. It's a no-go. Thankfully my editor is a free choice, so I can install it without a licensing concern. I'd be just as adament though if I used UltraEdit or TextPad though.

      Shit... if "grep" didn't have a GNU/GPL version out there I'd quickly plop down 50 bucks for a copy that I could use at any site on any OS I wanted. It's party of my daily life. To live without it is just unheard of -- too much time wasted if I didn't have it.
  • by salimma ( 115327 ) on Tuesday February 04, 2003 @08:15PM (#5227879) Homepage Journal
    ... first the announcement [slashdot.org] that they might cease Mac development due to future competition from Safari, then taking flak from their users for forcing the use of tabs [blogspot.com] in Opera 7 for Windows... (rather inaccurate reporting by the Inquirer here [theinquirer.net]).

    Let's hope they get their act together - I don't use Opera myself but it would be a shame to see a company that brought tab browsing and mouse gestures to stumble and fade away..

    • Iduno. According to the latest Inquirer article, they're doing everything right.

      This is the first time anyone's criticized the grey hats and I've sortof agreed. Sure, release the fact that there are security issues, and release the workarounds, but there's no reason to release the details when the developers were willing to give them a specific, limited timeframe.

      Not just a publicity stunt, but it does not benefit the public in any way, shape, or form. This is different from holes in Windows that MS would never, ever fix without being forced to do so.
    • Tabs are not forced on you in O7 windows. SDI mode is certainly still there. If you have "Open pages in new window" checked in preferences then right clicking on a link and selecting "open in new page" or "open in background" will do what that feature did in Opera 6 in SDI mode as far as I can tell.
  • Oops (Score:5, Funny)

    by LongJohnStewartMill ( 645597 ) on Tuesday February 04, 2003 @08:16PM (#5227881)
    Five new security advisories for the recently-released Opera 7.0. affect the security model...

    What security model were they using? Swiss Cheese?
  • by 10sball ( 80009 ) on Tuesday February 04, 2003 @08:16PM (#5227884) Homepage
    7.01 is already available on their ftp site...

    ftp://ftp.opera.com/pub/opera/win/701/en/std/ow3 2e nen701.exe
    ftp://ftp.opera.com/pub/opera/win/701/ en/java/ow32 enen701j.exe
  • Other than that (Score:5, Insightful)

    by Jonny Ringo ( 444580 ) on Tuesday February 04, 2003 @08:18PM (#5227895)
    Its a great browser :-)

    I don't recall /. posting about Opera 7.0 (non-beta) when it came out. So the first mention of it is about security bugs. Kind of disappointing.

    This browser is soooo good, I purchased it about a half hour after I downloaded it.

    My new favorite feature is holding down shift and using the arrow keys to navigate through the links on a web site. You now don't have to follow the links in order like you use to by hitting tab. So bad ass for people who did the keyboard.

    It can now be identified as IE 6.0 and Mozilla 5.0

    • Re:Other than that (Score:2, Informative)

      by a8f11t18 ( 614700 )
      The most important new feauture is the completely rewritten engine, called presto. It has actually taken them almost 2 years to write that ting, and I must say congratulations, because it's DARN quick.. Other new features include better popup-handling, more customizable user interface (every button can be removed and added from any toolbar as you see fit), spatial navigation (a godsend for keyboarders), a completely new and in some ways revolutionary mail client, small screen rendering, and a lot of small things here and there.. that besides all the other good stuff from the earlier versions of opera, of course =) Opera rocks!
    • My new favorite feature is holding down shift and using the arrow keys to navigate through the links on a web site. You now don't have to follow the links in order like you use to by hitting tab. So bad ass for people who did the keyboard.

      You might want to check out mozilla's type-ahead-find. You type the text of a link and the focus moves there. For example, I got to this page by typing "rep"(ly to this) <enter>.

      It works really well, a la emacs' incremental search.

  • 5 -- You're still waiting for KDE to compile anyway, so Konqueror's a no go

    4 -- Less Gecko filling, tastes great

    3 -- Still has 62,400 less bugs than Internet Explorer

    2 -- Named after an afternoon TV show that dropped the Soap

    1 -- Get that "gay look" without spending $139 on a new Mac OS X release each month

    Visit *nix.org [starnix.org] -- Featuring Linux, BSD, Solaris, and OS X

  • by Istealmymusic ( 573079 ) on Tuesday February 04, 2003 @08:38PM (#5228007) Homepage Journal
    For the five advisories posted today concerning Opera 7, I have not seen
    and information on when and how Opera Software was notified of the
    problems, and if they were/when planning for a fixed release.

    Alright, after reading:

    http://my.opera.com/forums/showthread.php?s=9034e4 c94d7495e8166839fd2b242753&threadid=10657 [opera.com]

    and:

    http://theregister.co.uk/content/55/29177.html [theregister.co.uk]

    It looks like Opera Software was notified 1/31, and asked for the
    announcement to be delayed until 1/6.

    Was there a good reason to post the vulnerabilities today rather than
    thursday? (originally posted to BugTraq)
    • What's more annoying is the text in the /. story: "This version fixes the recently discovered security holes less than 24 hours after they were discovered."

      Of course, they were discovered several days ago. This is how news bias exhibits itself, folks. Not to pick on /., but if you learn to keep an eye open for these misstatements in headlines and lead paragraphs, you see a lot of them. Another one I caught today was in a story linked off Drudge [upi.com].

      Headline: Pentagon adviser: France 'no longer ally'

      Quote from within the story: "France is no longer the ally it once was."

  • but opera surely does rock!! I have tried Mozilla, Pheonix, and IE, and also Konqueror and some other browser on linux which I tested a while ago, and well.. sorry, but opera is by far the best browser I've ever used.. I would mourn if it suddenly went bankrupt or whatever, as non of the other browsers are good enough for me after having used opera. Of course, things are looking fairly good for opera and their future, even though they're competing in the deadliest of markets - this hold true especially for the portable market. When discussing opera and browsers, someone always comes on and says why not use pheonix instead?? I will tell you something.. to me, pheonix feels almost as bloated as mozilla.. it's just something with the.. interface.. difficult to describe.. even the renderer feels slower, or in some other way inferior to the one of opera, but.. the show stops already with the user interface.. there's just something not completely right about it.. opera has nothing too fancy in the way of interface design, but it just works and feels very good. So some seem to think us opera users just make stupid claims.. tell me this.. why the hell would i bother to pay for opera if pheonix is just as good or even better as many claim? For me, it simply isn't.. besides, opera has some functionality moz/pheonix cannot offer me yet.
    • I'm with you completely. I've been an Opera-fanboy since the 3.x-beta series. It just get more things right than other browsers -- and I'm continually looking at the alternatives (inkl. Mozilla, Phoenix and Konq), but the feeling isn'ty there.

      There's small things that I need, like the forward/backward gestures, I need my "tabs" at the bottom of the screen (the ones in Moz just looks and feels wrong). Any browser I use must absolutely be able to maintain state between sessions. I'm constantly using features like shift+ctrl+click, reload-every-X-min. I also use the mail-client and I want it on to the left of my browser window (integrated, just like it is in Opera).

      Unfortunately the Opera 7.0 release was way b0rken for me, but if they can ship one or two updates more (basically I couldn't use the email client, I was getting SSL_write() errors in my server log and messages never went out (and Opera didn't mention a thing!). That's bad, but if they can fix it then Opera 7 might become the best thing since Opera 6.05 which I'm back to using now.

      The only thing I truly lack in Opera now is a "developer raw tab" where I could see the HTTP requests and answers in the-raw, with a quick toggle between ASCII vs Hex+ASCII.

      Other than that I guess a bit better control over plugins (enable/disable) would be nice. Don't remember if that's fixed in 7, but in the 6-series you'll have to much around a plugins-ignore.ini which is only read on startup.

      And oh, seeing the raw message+headers in the mail client. Where did that go? There was this odd hidden function (ctrl+shift+y or something) to copy the headers to the C'n'P-buffer, but...

      Opera software, if you're reading this; Fix the mail client and I'll give you more of my money.

  • Phoenix (Score:5, Informative)

    by jsse ( 254124 ) on Tuesday February 04, 2003 @08:46PM (#5228053) Homepage Journal
    I know it might not help much, but all Opera user should give Phoenix [texturizer.net] a shot.

    I used Opera and I really like it very much as its efficiency and functionalities can really beat any other alternatives. However, I failed to get Java and flash work properly on Linux, it always has some glitches here and there. Opera works fine in this regard in Windows, though.

    Then I gave Phoenix a try. To my surprise, not only java and flash works flawlessly, its performance is even comparable to Opera! Although it doesn't have the same functionalities I'd find in Opera, but I can install extensions [texturizer.net] to enhance its usabilities. Above all, it wouldn't give you annoying banner ad(yes I didnt pay for Opera :)

    I just tell from my experience, and I've no association with Phoenix development team. :) (yeah, kudos to Phoenix developers!)
  • The Difference (Score:2, Interesting)

    by Anonymous Coward
    Opera comes up with security problems, and they're fixed in short order.

    IE has one big security problem (script support) and a whole bunch of little ones, and the patches come, well, when they get around to it.

    Conclusion: Well, you decide for yourself...

    This Post Made From Within Opera (6.0)
  • by antdude ( 79039 ) on Tuesday February 04, 2003 @08:52PM (#5228088) Homepage Journal
    According to this forum thread [dslreports.com], it said "Grey Magic looking at the alert said they informed Opera in Nov. of the problems in beta 1 of version 7. In beta 2 Opera thought they had fixed it but instead had only fixed part and not all. On Jan. 31 Grey Magic informed Opera of these problems in version 7 final , Opera asked for the to wait till Feb. 6 before announcing so that they could have it fixed , Grey Magic chose not to wait just 2 more days."
  • by tshak ( 173364 ) on Tuesday February 04, 2003 @08:54PM (#5228093) Homepage
    ...that full disclosure of security issues is not in the publics interest. Opera has aggressively been working on the problems, and has released 7.01 which (AFAIK) fixes said problems. However, they did not have reasonable time to address each issue once found.

    It's one thing when a company sits on an exploit for a month without even aknowledging it. It's another when a company acknowledges it, and requests a reasonable amount of time to make a fix, and regression test that fix. Sheeshe, give these guys a break - they patched very quickly and from what it looks like it's a stable patch.
    • I have to agree with this. I think immediate vulnerability release is not a responsible way to handle things if security is your ultimate goal. It is my **opinion** that companies should be warned and given the option to provide a complete, stable, tested fix. I do, however, support public disclosure if the company decides that it can't be bothered to protect the very people that justify its existance.

      Just my 2 cents.

      WoodSmoke

  • by Anonymous Coward on Tuesday February 04, 2003 @08:57PM (#5228104)
    Programmer1: Ouch! Somebody just discovered some security holes in our browser!

    Programmer2: Yeah, I saw that too. I was working on it all morning, but I believe I've fixed all the outstanding issues in our code. Now we just need to notify our user base.

    Programmer1: Yup. You gonna call him, or should I?

    *RIMSHOT*
  • It chaps my butt just a bit that Opera did not have the courtesy to send me an email letting me know that a new version was available. I registered my Windows and Linux versions. Maybe their email server is buggy too.
  • by Anonymous Coward on Tuesday February 04, 2003 @09:22PM (#5228213)
    Wrote 'em an email complaining about their security-through-obscurity model, and had a reply back from a developer within ten minutes, pointing me to the FTP site with the fixed version...

    That's not a bad response at all, IMHO.

    And no, I don't work for 'em - are they hiring at the moment? :)
  • Not 24 Hours (Score:3, Informative)

    by sparkhead ( 589134 ) on Tuesday February 04, 2003 @09:43PM (#5228296)
    Maybe 24 hours since it's been reported here, but look at the error reports, the latest report is dated January 29th, the earliest is from November (a variant of the hole in question).

  • by TeknoHog ( 164938 ) on Tuesday February 04, 2003 @09:50PM (#5228319) Homepage Journal
    Many people have noted before (concerning BSDs and the like) that files appearing at ftp sites do NOT mean it's officially released. Opera 7.01 is still not officially released, and the files might still change.

    For the alpha previews of their unix versions, go here [opera.com].

  • Opera knew earlier about them. From a Bugtraq post:
    For the five advisories posted today concerning Opera 7, I have not seen and information on when and how Opera Software was notified of the problems, and if they were/when planning for a fixed release.

    Alright, after reading:

    http://my.opera.com/forums/showthread.php?s=9034 e4 c94d7495e8166839fd2b242753&threadid=10657

    and:

    http://theregister.co.uk/content/55/29177.html

    It looks like Opera Software was notified 1/31, and asked for the announcement to be delayed until 1/6.

    Was there a good reason to post the vulnerabilities today rather than thursday?
  • by henben ( 578800 ) on Wednesday February 05, 2003 @05:31AM (#5230131)
    Even if you don't want to use a commercial browser, the existence of Opera is a good thing for projects like Mozilla.

    Let me explain: Opera have shown their willingness to innovate and add new features to their browser. And they're good at it. Many of their ideas are very useful, *and* they're designed to benefit the user rather than create new "standards" to try and lock in developers.

    Opera promoted the ideas of tabbed browsing and mouse gestures, ideas that were taken up by many Gecko-based browsers. The new release adds and intelligent "forward" button, understanding of navigational META tags, and small screen rendering.

    If you watch Moz and Phoenix, you will see the influence of Opera - for example, the demand for Opera-style "rocker" gestures (using mouse button combos rather than movement) to be added to the gesture extensions.

    Now, I'm not saying that Open Source projects should only clone and never innovate - and in fact, there are many innovations in Mozilla (pie menu navigation and type ahead find, for example). But Opera is a useful source of good interface ideas, and the company is not taking out bogus patents to "protect" them.

  • Why I use Opera (Score:3, Informative)

    by nettarzan ( 161548 ) on Wednesday February 05, 2003 @10:44AM (#5231305)
    First of all, let me make it clear that I would rather not pay for something if I can get it for free. Having said that the reasons I paid for Opera are:
    1.Tabs
    Say what you may about Knoq, phoenix having tabbed browsing. But Opera what the first and does now has even more tabbed features with ability to save tab sessions.
    2. Gestures:
    This is first to market and most elegant and intuitive gestures than the Moz plugin which caused me unpredicatable or inintentional behaviors with the gestures.
    3. Kickass Download manager
    The best download integration with browser. Stop start resume, etc,, With the new version you can download all the links in a page in just one operation.
    4. Memory and Speed:
    My normal usage takes only 20MB(I have 12 tabs open usually mostly java documentation that I can easily access) on minimizing it takes only 7MB.

    5. Search integration
    Believe it the searching google, amazon or ebay or your custom configuration is far superior to any browser out there.

    Only negative I have is the rendering of pages. For example Yahoo! Mail had pull down menu. But I can't get it to work in Opera given that Yahoo! is a megaplex on the web.

    So give it a try and you'll never turn back just I did.
    If it makes your life better thank Opera team and you'll be better for it.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...