Printable Version of Topic

Posted by: Christian J May 9 2016, 12:51 PM

Seems the classic Opera 12.xx (Presto) browser still gets limited updates: http://www.opera.com/blogs/security/2016/02/opera-12-and-opera-mail-security-update/

Posted by: Christian J Jan 24 2018, 08:04 AM

According to http://matejhorvat.si/en/unfiled/opera12.htm Opera 12 is not vulnerable to Spectre.

Posted by: thematrix Feb 9 2018, 03:55 AM

Yeah, but on their site, it is written that it is vulnerable to Spectre.

Posted by: Christian J Feb 9 2018, 06:47 AM

Could you link to that page?

(Note that this thread is about the old Opera 12 with the Presto engine, not the newer Chrome-based browser.)

Posted by: pandy Feb 9 2018, 08:55 PM

I think maybe it was vulnerable but is no more?

https://winaero.com/blog/secure-opera-browser-meltdown-spectre-vulnerabilities/

Posted by: Christian J Feb 10 2018, 05:30 AM

I assume most newer browsers (including Opera/Blink, Chrome and other Chromium-based ones) were vulnerable before they were patched (which I think they are now?). At least Pale Moon is said to have been safe even before Spectre was known, and so (like Opera12/Presto) supposedly doesn't need a patch for this.

Of course any browser with javascript enabled is a security- and privacy hazard these days (not just due to Spectre), so it's best to disable javascript by default in all of them.

Posted by: pandy Feb 10 2018, 11:06 AM

I don't know if this test is reliable.
https://xlab.tencent.com/special/spectre/spectre_check.html

It says IE10 and Iron is vulnerable. FF, Edge and - lo and behold - k-mel is not. How could that be? k-mel most certainly isn't patched. Maybe I don't have the latest Iron. But I thought MS had forced patches on us for this on Win10, so their browsers ought to be safe. Not true?

Posted by: Christian J Feb 10 2018, 01:47 PM

I saw that link but didn't dare to test my browsers. Who knows what it'll do to your system.


Yes it's strange that MSIE10 is vulnerable while MS Edge is not (granted they use different engines, but still same company). Firefox/Gecko and Chromium should be patched by now, but then it must be updated in each browser brand (like Iron). Maybe K-Mel is too old to be exploitable (like allegedly Opera12), or too defensively built (like allegedly Pale Moon).

Also (just in case), note that these patches only prevent Spectre exploits through javascript, malware on your computer can still exploit Spectre without any need for a browser.

Posted by: pandy Feb 10 2018, 05:16 PM

You're paranoid.

Yeah, maybe the k-mel guys have made some changes. There are differences from FF. For instance k-mel doesn't support DDE while FF does, sad as it is.

Posted by: thematrix Feb 12 2018, 10:24 AM

My bad, I've read a post on Reddit about that, but when I checked out more into details it's not correct at all. Sorry for making untruthful statements! Should've checked my facts.
It's a good thing they are almost rid of the CPU problems there were! The last update is stated to be pretty successful!