Re: Opera 8.50 DoS with simple java applet

["Yngve N. Pettersen (Developer Opera Software ASA)" <yngve () opera com>]

Hello all,

On Wed, 30 Nov 2005 00:31:29 +0100, Marc Schoenefeld  
<marc.schoenefeld () gmx org> wrote:

> Hi y'all,
>
> it is possible to crash the opera 8.50 browser with a simple
> java applet (see below).
> This was observed on Win32, Linux versions maybe affected, too.
> This can be tested only at:
>
> http://www.illegalaccess.org/exploit/opera85/OperaApplet.html
>
> As you can see the applet crashes at 0x67c0a54c. This is
> caused by a bug in a JNI routine implementing the com.opera.JSObject  
> class.
> It cannot be ruled out, that this bug is exploitable.
>
> The opera guys were informed on the 21st of September, and
> then again on 8th of October.
>
> Please upgrade to the new Opera 8.51, which does not expose this
> weakness.
>
> Sincerely
> Marc Schönefeld
> marc () illegalaccess org


Opera Software ASA does not consider this to be a security vulnerability.

This is an ordinary NULL-pointer crash, which has no exploit potential.
And since the crash does not prevent restart of the client we also do
not consider it a Denial of Service.

<URL: http://www.opera.com/support/search/supsearch.dml?index=817 >

We thank Marc Schoenefeld for bringing this crashbug to our attention.

Please report bugs and security issues at <URL:  
https://bugs.opera.com/wizard/ >


--
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve () opera com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************