Discussion:
All major browsers fall during second day of Pwn2Own hacking contest
(too old to reply)
Roy
2014-03-21 15:14:43 UTC
Permalink
Raw Message
Just when you though you were safe

http://www.pcworld.com/article/2108560/all-major-browsers-fall-during-second-day-at-pwn2own-hacking-contest.html
David Kaye
2014-03-21 17:46:43 UTC
Permalink
Raw Message
Post by Roy
Just when you though you were safe
http://www.pcworld.com/article/2108560/all-major-browsers-fall-during-second-day-at-pwn2own-hacking-contest.html
Safety is for sissies. By the way, no mention of Opera. I wonder how that
stacks up.

On one level I think the successful hacks are a good sign in that it causes
programmers to think twice before building websites that exploit people's
machines. I mean, do we REALLY need some website to go rooting around
looking for where we live or what hard drive we're using?
Eli the Bearded
2014-03-21 19:17:10 UTC
Permalink
Raw Message
Post by David Kaye
Post by Roy
Just when you though you were safe
When was that again? :^)
Post by David Kaye
Safety is for sissies. By the way, no mention of Opera. I wonder how that
stacks up.
Opera was not one of the seven targetted platforms:

http://www.pwn2own.com/2014/03/pwn2own-2014-lineup/

Adobe Flash
Adobe Reader
Apple Safari
Google Chrome
Microsoft Internet Explorer
Mozilla Firefox
Oracle Java (entry withdrawn)

If you've got Java or Flash in Opera, those are obvious targets to worry
about. Besides that, check CVE:

http://www.cvedetails.com/vulnerability-list/vendor_id-1961/product_id-15008/Opera-Opera-Browser.html

Which doesn't show much for recent versions. Is it a lack of problems
or a lack of people looking for problems?

The changelogs at opera.com are pretty skimpy, but I see "Stability
enhancements." in all of these:

http://www.opera.com/docs/changelogs/unified/1600/
http://www.opera.com/docs/changelogs/unified/1700/
http://www.opera.com/docs/changelogs/unified/1800/
http://www.opera.com/docs/changelogs/unified/1900/
http://www.opera.com/docs/changelogs/unified/2000/

And that sounds like code for "something that caused a crash has been
fixed". And "something that caused a crash" is often a vector for a
buffer overflow.

Elijah
------
could find no changelogs for Opera mini

Loading...