Opera 12 Support
-
bravesirrobin last edited by
Does anyone knows if Opera 12 is still being supported?
It is still available for download and I heard that Opera would still release security updates, but I've been using version 12.16 for months and I haven't seen any update so far.
Forget about speculation, does anyone knows anything solid about the subject?Is Opera 12 still supported or not?
-
blackbird71 last edited by
At this time, there are no un-patched Opera 12 security vulnerabilities publicly listed at security sites like CERT, Secunia, etc. so that normally means the software design is "current" in its security patching. As soon as a problem is publicly reported, it pops up on their radar screens and gets listed. As far as any privately-reported (to Opera) security vulnerabilities, there are no public records maintained, so no one outside Opera and the one privately reporting a new flaw knows if there are any that haven't yet been patched.
Opera has stated it will security-support Opera 12 until it decides to replace it "officially" with a Blink Opera version, but that does not mean that if a major security flaw is discovered, that itself won't precipitate such an announcement if Opera deems the Presto patch too difficult to implement. In any case, being a minor-segment browser, Opera doesn't attract major hacker attention - the potential "payoff" doesn't justify much malware design effort, though that's certainly not a reason to be complacent.
-
biggerabalone last edited by
buffer overflow vulnerability
"Upgrading to version 15.0 eliminates this vulnerability. A possible mitigation has been published"
"Updated: 03/18/2014" -
blackbird71 last edited by
Interesting, and a good find! SCIP - Report: Created: 07/29/2013, Updated: 03/18/2014. More here: http://www.osvdb.org/show/osvdb/95633
Opera contains a flaw that is triggered as user-supplied input is not properly sanitized.
This may allow a context-dependent attacker to corrupt memory and cause a denial of service.- Location: Context Dependent
- Attack Type: Input Manipulation
- Impact: Loss of Availability
...
I wasn't familiar with that vulnerability listing service; apparently the report hasn't been widely disseminated yet, since it doesn't show up in the other "big" name lists. The one mitigating thing at present is that it only appears to result in a DOS situation, rather than remote penetration of the system, etc.