Help - Search - Members - Calendar
Full Version: Opera 12.18 security update
HTMLHelp Forums > General Interest > Off Topic
Christian J
Seems the classic Opera 12.xx (Presto) browser still gets limited updates: http://www.opera.com/blogs/security/2016/0...ecurity-update/ wub.gif

Christian J
According to http://matejhorvat.si/en/unfiled/opera12.htm Opera 12 is not vulnerable to Spectre.
thematrix
Yeah, but on their site, it is written that it is vulnerable to Spectre.
Christian J
QUOTE(thematrix @ Feb 9 2018, 09:55 AM) *

Yeah, but on their site, it is written that it is vulnerable to Spectre.

Could you link to that page?

(Note that this thread is about the old Opera 12 with the Presto engine, not the newer Chrome-based browser.)
pandy
I think maybe it was vulnerable but is no more? unsure.gif

https://winaero.com/blog/secure-opera-brows...ulnerabilities/
Christian J
I assume most newer browsers (including Opera/Blink, Chrome and other Chromium-based ones) were vulnerable before they were patched (which I think they are now?). At least Pale Moon is said to have been safe even before Spectre was known, and so (like Opera12/Presto) supposedly doesn't need a patch for this.

Of course any browser with javascript enabled is a security- and privacy hazard these days (not just due to Spectre), so it's best to disable javascript by default in all of them.

pandy
I don't know if this test is reliable.
https://xlab.tencent.com/special/spectre/spectre_check.html

It says IE10 and Iron is vulnerable. FF, Edge and - lo and behold - k-mel is not. How could that be? k-mel most certainly isn't patched. Maybe I don't have the latest Iron. But I thought MS had forced patches on us for this on Win10, so their browsers ought to be safe. Not true?
Christian J
QUOTE(pandy @ Feb 10 2018, 05:06 PM) *

I saw that link but didn't dare to test my browsers. Who knows what it'll do to your system. ninja.gif

QUOTE
It says IE10 and Iron is vulnerable. FF, Edge and - lo and behold - k-mel is not. How could that be? k-mel most certainly isn't patched. Maybe I don't have the latest Iron. But I thought MS had forced patches on us for this on Win10, so their browsers ought to be safe. Not true?

Yes it's strange that MSIE10 is vulnerable while MS Edge is not (granted they use different engines, but still same company). Firefox/Gecko and Chromium should be patched by now, but then it must be updated in each browser brand (like Iron). Maybe K-Mel is too old to be exploitable (like allegedly Opera12), or too defensively built (like allegedly Pale Moon).

Also (just in case), note that these patches only prevent Spectre exploits through javascript, malware on your computer can still exploit Spectre without any need for a browser.

pandy
You're paranoid. tongue.gif

Yeah, maybe the k-mel guys have made some changes. There are differences from FF. For instance k-mel doesn't support DDE while FF does, sad as it is.
thematrix
QUOTE(Christian J @ Feb 9 2018, 06:47 AM) *

QUOTE(thematrix @ Feb 9 2018, 09:55 AM) *

Yeah, but on their site, it is written that it is vulnerable to Spectre.

Could you link to that page?

(Note that this thread is about the old Opera 12 with the Presto engine, not the newer Chrome-based browser.)


My bad, I've read a post on Reddit about that, but when I checked out more into details it's not correct at all. Sorry for making untruthful statements! Should've checked my facts.
It's a good thing they are almost rid of the CPU problems there were! The last update is stated to be pretty successful!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2018 Invision Power Services, Inc.