Is Vivaldi vulnerable to the FREAK flaw?
-
Someone was asking on the vivaldibrowser subreddit at https://www.reddit.com/r/vivaldibrowser/comments/2ydrk3/is_vivaldi_vulnerable_to_the_freak_flaw_i_know/ Is Vivaldi vulnerable to the freak flaw? https://freakattack.com On windows 7 it seems that it is not, but since it's based on Google Chrome that makes sense. I'm curious as to whether or not it's vulnerable on mac and linux as well, and what if any steps were taken to prevent vulnerabilities.
-
@atomic1fire
To answer your question: freakattack.com does not report Vivaldi running on Linux as vulnerable. -
Listed as vulnerable on Mac
:S :dry: -
That's peculiar, saying not vulnerable on Windows 7 64-bit.
-
@atomic1fire
To answer your question: freakattack.com does not report Vivaldi running on Linux as vulnerable.Yes, I've just checked, and the 32-bit Linux version isn't vulnerable (not sure if you were using the 64-bit version to test).
-
I know I checked Vivaldi 32 bit on Ubuntu and it was fine.
From what I hear Chrome for Mac is vulnerable but there's supposed to be a patch. I assume if Vivaldi is using chrome's SSL code then they'll be on the receiving end when chrome makes a patch, but some official response would be nice.
-
As in once chrome updates, Vivaldi team can get to work on a fix, or would it be fixed right then?
(i'm guessing it's the first) -
@atomic1fire
To answer your question: freakattack.com does not report Vivaldi running on Linux as vulnerable.Yes, I've just checked, and the 32-bit Linux version isn't vulnerable (not sure if you were using the 64-bit version to test).
Gort: To clarify, I tested on 32bit and 64bit Linux.
LATER: Build 1.0.123.10 was vulnerable in Linux and Mac versions. See later build Snapshot 1.0.124.2 with fix:
https://vivaldi.net/blogs/teamblog/item/14-subject-snapshot-1-0-124-2-mea-culpa
-
LATER: Build 1.0.123.10 was vulnerable in Linux and Mac versions. See later build Snapshot 1.0.124.2 with fix:
https://vivaldi.net/blogs/teamblog/item/14-subject-snapshot-1-0-124-2-mea-culpa
Yeah, I just noticed that blog update. Before I update (will after this post), I again went to the freakattack.com site to check version 1.0.123.10 that I currently have installed, but it says that it's not vulnerable for me ("Good News! Your browser appears to be safe from the FREAK attack."). This is under a fully updated Debian Wheezy 32-bit.
Oh well, off to update.
