Opera 9 Remote Denial of Service

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Opera 9 Remote Denial of Service
From: NNP <version5@xxxxxxxxx>
Date: Mon, 14 Aug 2006 00:07:34 +0100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding; b=lb5ryajkF/DES7wT7vVIu5gRBpo0SmiGC8f4dxXTaluP/El3l6I3QBg0TcKLIFMJmK+C7c62ywVvRGx2Pd7RLyhrDS9MiWQhvXoqLavuezMFrH1wVDSfPbilo9rYSaaLizzP0tjLerR1OOS7DQTSe6ybaIbmrblcb4F0hKEVIMM=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 1.5.0.4 (X11/20060615)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.milw0rm.com/exploits/2179

Run the above as a server and connect to it using the in-built IRC
client. The Linux, Windows and OSX versions are vulnerable and others
may also be.

By embedding a redirect to irc://evilhost in a web page the browser can
be easily crashed. This requires the user to enter a nickname if the IRC
client hasn't been previously configured.

Enjoy,
NNP

- --
http://silenthack.co.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE37C23h7ZfzDylwMRAlDjAJ9NiSge62AUMI2Idb/CKytR72nCEgCeJIPB
YnL6yy1JpiGYFp2GiTEr0x4=
=J/Gt
-----END PGP SIGNATURE-----

Prev by Date: Multiple Arbitrary File Access (Write/Read) Vulnerabilities
Next by Date: Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability
Previous by thread: Multiple Arbitrary File Access (Write/Read) Vulnerabilities
Next by thread: Security contact from Critical Path Inc
Index(es):
- Date
- Thread