opera 9 is out

[piratePenguin]

Interesting ... did you try this with FF too ? or just Konqueror ...

It won't work with FF since the cookies.txt file is readable only by the owner, noone else has access to it.

If any other user on the system tries to access my FF cookies they'll be denied permission, like they should be.

[H_TeXMeX_H]

Well there you have it ... FF is better than Opera ... until they fix this bug. Really, I think closed source is it's biggest problem ...

[piratePenguin]

Well there you have it ... FF is better than Opera ... until they fix this bug. Really, I think closed source is it's biggest problem ...

It is a very big thing for the Opera dev's to miss, but it doesn't seem very hard to miss it.

That said, the firefox guys got it, so did the elinks and the links2 guys, and the gaim guys, the irssi guys... hell, too-many programs have their config directories only readable by the owner - gxine WTH?

(btw, I just noticed, even tho firefox's cookies.txt file is only owner-readable, so is the whole .mozilla directory)

I wonder how the update system will handle the change - will it be able to just change the permissions or will it have to check the permissions on the next run or will it have to check the permission on it on *every* run?

And I also wonder how long it'll take to get the update out. Knowing the speed these things are supposed to go at with non-Microsoft products (can't resist) and the apparent simplicity of this problem.. maybe I'll wake up tomorrow and there'll be a fix

And hell, maybe I wasn't in the right page. I used the contact us page, used the "privacy" subject, it's the best I could find when I was flying through the site and it doesn't sound very pleasing lol. If it was firefox, I'd know to go direct to bugzilla.mozilla.org and when I'm filing out the bug I'd check the "this is a security bug" box and bang the developers can get to work on it.

But I suppose really there's no huge danger since only so many people know about it right now (and if that changes, so be it).

And plus, I don't think it will affect Windows, since Windows usually shuts everyone else out of the users home directory (whatever it is/called).

Some GNU/Linux distros do this by default too no doubt, but not Ubuntu. And I prefer it not to. If you don't trust your applications to set proper permissions to should-be-confidential files (containing passwords, cookies, whatever), don't use the application or give it any confidential info.

[GenuineAdvantage]

Apart from the cookie issue, I have always known Opera was faster. It start up faster and everything (on windows). On linux, everything starts slower unless you make it stay in the background. But I also never liked Opera. It always seemed cluttered to me with stuff I don't use. The rendering speed I think is the same unless you're bloating firefox with certain extentions. And firefox can also be tweaked a lot in about:config to make it a bit faster, or with fasterfox. Firefox has always been simpler and more configurable with a variety of extentions. The old firefox before it was named firefox, that was fast. But the current one is slow to start and uses up too much memory. It would be great if it was designed to keep itself running in the background if desired, or at least the relevant part of it, so that it would start instantly. And have it cleanse it's memory use automatically. If you leave this thing running for a while and open a lot of plugins, the memory use will rise greatly and doesn't go down, or takes far too long to go down. If these issues get resolved it would be better than Opera as it is now, no denying it.

[piratePenguin]

Apart from the cookie issue, I have always known Opera was faster. It start up faster and everything (on windows). On linux, everything starts slower unless you make it stay in the background. But I also never liked Opera. It always seemed cluttered to me with stuff I don't use. The rendering speed I think is the same unless you're bloating firefox with certain extentions. And firefox can also be tweaked a lot in about:config to make it a bit faster, or with fasterfox. Firefox has always been simpler and more configurable with a variety of extentions. The old firefox before it was named firefox, that was fast. But the current one is slow to start and uses up too much memory. It would be great if it was designed to keep itself running in the background if desired, or at least the relevant part of it, so that it would start instantly. And have it cleanse it's memory use automatically. If you leave this thing running for a while and open a lot of plugins, the memory use will rise greatly and doesn't go down, or takes far too long to go down. If these issues get resolved it would be better than Opera as it is now, no denying it.

You can disable some of Firefox's cache features in about:config. If it's ram usage annoyed me I would not hesitate to disable that "lightning fast back-forward navigation" feature, it takes up ALOT of ram (opera does this much better I gotta say) and I don't find it very useful. It doesn't work in certain situations, by design (whenever the web-server says not to cache a document, and whenever the previous page wasn't 100% loaded), which seems to be basically all the time that I want it to work.

[piratePenguin]

Really, I think closed source is it's biggest problem ...

for firefox/mozilla/seamonkey etc. http://prefbar.mozdev.org/

[piratePenguin]

Really, I think closed source is it's biggest problem ...

Well, if firefox had this problem you bet I'd try to produce a patch before saying a thing for something that seems so easy. Anyhow, I think this is the line of Mozilla that's responsible for the permissions being so strict. And fecking hell, I was looking at this line over an hour ago thinking "no - that must be the permissions for opening the file" but why would it be 4 digits if that was the fecking case!

Anyhow, Opera, gimme the source code under the terms of the GNU GPL and I will fix this fucking thing for ya for free. How's that for a benefit!

[Aloone_Jonez]

Opera won't GPL their source because they risk loosing sales of Opera mobile, if you look at their EULA it forbids the use of freeware Opera on mobile phones. However they might release the source but not under the GPL, for example they could attach some conditions to it like it shouldn'd be used on mobile phones.

[Jack2000]

There is a program(or an extension) to keep FF's dlls and stuff
in the back ground jsut google for it(maby it was in sourceforge) i think we talked about it somewhere in this forum.

[pofnlice]

yeah, yeah, yeah

Fix your firefox problems with these lines

[Canadian Lover]

Opera is free, and has been since version 8.5.

They are still charging for Opera on non-mainstream platforms like Windows Mobile/PocketPC, cell phones, Nintendo DS*...

*not quite released yet, but date and price have been announced in Japan

Whitch is why I went with a PSP.

[piratePenguin]

EDIT: The entire fecking profile is world-readable! That means everyone can see the passwords for the magic-wand thing, all the mail... the cache, history...

Yea - this is much worse than just the cookies.

In my test user account, I had no problem copying the whole .opera directory of my normal user account. Now, in my test account when I opened Opera it started up from where I'd finished the last time I used opera on my normal account - my gmail and microsuck accounts are open and logged in.

I can see all my usual bookmarks, and the confidential notes. And, if I logged out of Microsuck, I'd be able to automatically fill in the password at the login page thanks to the magic wand tool. Although I can't see the passwords in the 'wand' preferences thing, I KNOW that if someone was determined enough they'd get all my passwords stored with the magic wand tool (from the world-readable wand.dat file) - which is often all of them.

[Aloone_Jonez]

What level would you rat this vulnerability?

I think its seriousness varyies depending on how you use your PC.

If it's a single user machine then it isn't important since it can't be exploited by an external dark force on the Internet.

But it's pretty serious if you allow many people to use your machine but there again all they would need is a boot disk to access all your files anyway, unless you've disabled it using the BIOS set up program.

[piratePenguin]

What level would you rat this vulnerability?

I think its seriousness varyies depending on how you use your PC.

If it's a single user machine then it isn't important since it can't be exploited by an external dark force on the Internet.

But it's pretty serious if you allow many people to use your machine but there again all they would need is a boot disk to access all your files anyway, unless you've disabled it using the BIOS set up program.

I'd go for 'less critical' since it won't effect that many people (although I don't know the guidelines for that rating system).

It's organizations and universities that I'd be worried about, but I bet few of them have world-readable home directories.

[Orethrius]

Well, if firefox had this problem you bet I'd try to produce a patch before saying a thing for something that seems so easy. Anyhow, I think this is the line of Mozilla that's responsible for the permissions being so strict. And fecking hell, I was looking at this line over an hour ago thinking "no - that must be the permissions for opening the file" but why would it be 4 digits if that was the fecking case!

Anyhow, Opera, gimme the source code under the terms of the GNU GPL and I will fix this fucking thing for ya for free. How's that for a benefit!

 In regard to the privs, I see it's set owner read-write only, sans sticky bit.  Might it be more secure to have certain .mozilla subdirectories only modifiable by the originating user?