Bugtraq mailing list archives
Re: Opera 8.50 DoS with simple java applet
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve () opera com>
Date: Thu, 01 Dec 2005 14:04:29 +0100
Hello all,On Wed, 30 Nov 2005 00:31:29 +0100, Marc Schoenefeld <marc.schoenefeld () gmx org> wrote:
Hi y'all, it is possible to crash the opera 8.50 browser with a simple java applet (see below). This was observed on Win32, Linux versions maybe affected, too. This can be tested only at: http://www.illegalaccess.org/exploit/opera85/OperaApplet.html As you can see the applet crashes at 0x67c0a54c. This iscaused by a bug in a JNI routine implementing the com.opera.JSObject class.It cannot be ruled out, that this bug is exploitable. The opera guys were informed on the 21st of September, and then again on 8th of October. Please upgrade to the new Opera 8.51, which does not expose this weakness. Sincerely Marc Schönefeld marc () illegalaccess org
Opera Software ASA does not consider this to be a security vulnerability. This is an ordinary NULL-pointer crash, which has no exploit potential. And since the crash does not prevent restart of the client we also do not consider it a Denial of Service. <URL: http://www.opera.com/support/search/supsearch.dml?index=817 > We thank Marc Schoenefeld for bringing this crashbug to our attention.Please report bugs and security issues at <URL: https://bugs.opera.com/wizard/ >
-- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve () opera com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
Current thread:
- Re: Opera 8.50 DoS with simple java applet Yngve N. Pettersen (Developer Opera Software ASA) (Dec 01)