<<< Date Index >>>     <<< Thread Index >>>

Re: Opera 8.50 DoS with simple java applet




Hello all,

On Wed, 30 Nov 2005 00:31:29 +0100, Marc Schoenefeld <marc.schoenefeld@xxxxxxx> wrote:

Hi y'all,

it is possible to crash the opera 8.50 browser with a simple
java applet (see below).
This was observed on Win32, Linux versions maybe affected, too.
This can be tested only at:

http://www.illegalaccess.org/exploit/opera85/OperaApplet.html

As you can see the applet crashes at 0x67c0a54c. This is
caused by a bug in a JNI routine implementing the com.opera.JSObject class.
It cannot be ruled out, that this bug is exploitable.

The opera guys were informed on the 21st of September, and
then again on 8th of October.

Please upgrade to the new Opera 8.51, which does not expose this
weakness.

Sincerely
Marc Schönefeld
marc@xxxxxxxxxxxxxxxxx


Opera Software ASA does not consider this to be a security vulnerability.

This is an ordinary NULL-pointer crash, which has no exploit potential.
And since the crash does not prevent restart of the client we also do
not consider it a Denial of Service.

<URL: http://www.opera.com/support/search/supsearch.dml?index=817 >

We thank Marc Schoenefeld for bringing this crashbug to our attention.

Please report bugs and security issues at <URL: https://bugs.opera.com/wizard/ >


--
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve@xxxxxxxxx
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************