Opera Mail also got an update, which kind of confirms my suspicions

http://www.opera.com/blogs/security/201 ... ty-update/We realize that those of you on old operating systems like Windows XP SP1 and older are left without much choice beyond using our Presto-based browser. With security standards on the web changing so much we didn’t want to leave you completely alone (even though we are not updating this product any longer) – we’ve just released an update for Opera 12, the last, stable Presto version.
In order to make your browser, and its mail client, function well on the present-day web, we’ve made a few changes, with a focus on the security aspect. The most important change is the support for ECC cipher suites used in secure connections. Another addition is GCM. Opera 12 now supports the same set of ciphers as other modern browsers. We have seen that many domains are relying on ECC certificates, thus making Opera 12 unable to connect. Similarly most clients using TLS have deprecated RC4 from the list of secure ciphers. We have done the same in this update. There is a setting to turn it back on, in case you need it. Since more servers are supporting TLS 1.2, we have enabled that by default.
Along with the Opera 12 update, we have also decided to update Opera Mail. Recently we were notified of a security issue in the standalone mail client by a security researcher, Zhen Hui Lee from Future Team. This vulnerability may allow code execution on the user’s machine using a carefully crafted message and some specific user interaction. As a company, we are committed to the security of our products, so we took necessary steps to fix this issue.
Those of you who use Opera 12 and Opera Mail should be auto-updated to the latest version soon. Those who prefer offline updates can download the releases of Opera 12 and Opera Mail. You should know that the above-mentioned security issue affects only the Windows version of Opera Mail. Further, as we don’t see a significant number of users of Opera 12 and Opera Mail on non-Windows platforms, we won’t be updating for those.
Finally, even with this security update being issued, we would urge those of you still using Windows XP SP1 and older to upgrade to a newer/supported OS and then to the latest Opera 35. This is essential, since the web is a constantly changing platform and a product not being given any measure of development time cannot stay secure and functional. Today’s websites are also relying on modern technologies and features, which need up-to-date versions of browsers that support them.
what a fugin moronWe realize that those of you on old operating systems like Windows XP SP1 and older
It's a bit insulting to users, sure. When you think about it though someone at Opera had to justify and frame updating an old release while still trying to make it look like the latest versions were the ones users should use.billon wrote:what a fugin moronWe realize that those of you on old operating systems like Windows XP SP1 and older
+1smaragdus wrote:Opera Presto rocks, Opera Blink sucks.
Me, toosmaragdus wrote:I still have the real Opera installed mainly out of sentimentality.
I'm opposed.webfork wrote: ↑Thu Aug 16, 2018 3:13 pmPFW users:
I've generally made it the policy of the site to add a security notice to some of the older browsers mentioned here on the site (here are a few examples) to help set expectations for visitors. People have strong feelings about Opera (Presto) so I wanted to poll site users before making any dramatic edits to the entry.
My rationale for adding it now is the presence of some recent, high profile security issues that affected a very broad range of software and architectures (e.g. Meltdown and Spectre). There hasn't been an update to the program in 2.5 years and it's unlikely that the old version of Opera somehow escaped all these issues. As such, a note seems warranted.
Thoughts?
From what I've read with Spectre for it to be exploited over the internet via a web page it requires very precise timing info using Javascript. I had my doubts whether Presto even supported the necessary functions and searching around according to this write-up it doesn't support them.webfork wrote: ↑Thu Aug 16, 2018 3:13 pmMy rationale for adding it now is the presence of some recent, high profile security issues that affected a very broad range of software and architectures (e.g. Meltdown and Spectre). There hasn't been an update to the program in 2.5 years and it's unlikely that the old version of Opera somehow escaped all these issues. As such, a note seems warranted.
Thoughts?
I can appreciate that the Presto browser engine may have escaped Meltdown and Spectre, but do you feel like the program is still secure with no updates in the last ~30 months?SYSTEM wrote: ↑Thu Aug 16, 2018 10:31 pmI'm opposed.
Meltdown and Spectre got attention primarily because 1) as hardware flaws, fully fixing them requires new CPUs, and 2) because they affect such a broad range of software. Other than that, they aren't very severe vulnerabilities: just information leaks.
No, definitely not. I think there should absolutely be a security notice (I'm surprised there isn't one already), it just shouldn't be about Meltdown and Spectre.webfork wrote: ↑Sun Aug 19, 2018 1:53 pmI can appreciate that the Presto browser engine may have escaped Meltdown and Spectre, but do you feel like the program is still secure with no updates in the last ~30 months?SYSTEM wrote: ↑Thu Aug 16, 2018 10:31 pmI'm opposed.
Meltdown and Spectre got attention primarily because 1) as hardware flaws, fully fixing them requires new CPUs, and 2) because they affect such a broad range of software. Other than that, they aren't very severe vulnerabilities: just information leaks.
Got it, just wanted to make sure I understood. Thanks