[41449] in bugtraq
Re: Opera 8.50 DoS with simple java applet
daemon@ATHENA.MIT.EDU (Yngve N. Pettersen (Developer Oper)
Thu Dec 1 16:48:02 2005
Date: Thu, 01 Dec 2005 14:04:29 +0100
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
To: Bugtraq <bugtraq@securityfocus.com>
Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-15
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <op.s03vxrk4qrq7tp@nimisha.oslo.opera.com>
In-Reply-To: <438CE4D1.4060100@gmx.org>
Hello all,
On Wed, 30 Nov 2005 00:31:29 +0100, Marc Schoenefeld
<marc.schoenefeld@gmx.org> wrote:
> Hi y'all,
>
> it is possible to crash the opera 8.50 browser with a simple
> java applet (see below).
> This was observed on Win32, Linux versions maybe affected, too.
> This can be tested only at:
>
> http://www.illegalaccess.org/exploit/opera85/OperaApplet.html
>
> As you can see the applet crashes at 0x67c0a54c. This is
> caused by a bug in a JNI routine implementing the com.opera.JSObject
> class.
> It cannot be ruled out, that this bug is exploitable.
>
> The opera guys were informed on the 21st of September, and
> then again on 8th of October.
>
> Please upgrade to the new Opera 8.51, which does not expose this
> weakness.
>
> Sincerely
> Marc Schönefeld
> marc@illegalaccess.org
Opera Software ASA does not consider this to be a security vulnerability.
This is an ordinary NULL-pointer crash, which has no exploit potential.
And since the crash does not prevent restart of the client we also do
not consider it a Denial of Service.
<URL: http://www.opera.com/support/search/supsearch.dml?index=817 >
We thank Marc Schoenefeld for bringing this crashbug to our attention.
Please report bugs and security issues at <URL:
https://bugs.opera.com/wizard/ >
--
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer Email: yngve@opera.com
Opera Software ASA http://www.opera.com/
Phone: +47 24 16 42 60 Fax: +47 24 16 40 01
********************************************************************
