lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <op.s03vxrk4qrq7tp@nimisha.oslo.opera.com>
Date: Thu, 01 Dec 2005 14:04:29 +0100
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@...ra.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: Opera 8.50 DoS with simple java applet



Hello all,

On Wed, 30 Nov 2005 00:31:29 +0100, Marc Schoenefeld  
<marc.schoenefeld@....org> wrote:

> Hi y'all,
>
> it is possible to crash the opera 8.50 browser with a simple
> java applet (see below).
> This was observed on Win32, Linux versions maybe affected, too.
> This can be tested only at:
>
> http://www.illegalaccess.org/exploit/opera85/OperaApplet.html
>
> As you can see the applet crashes at 0x67c0a54c. This is
> caused by a bug in a JNI routine implementing the com.opera.JSObject  
> class.
> It cannot be ruled out, that this bug is exploitable.
>
> The opera guys were informed on the 21st of September, and
> then again on 8th of October.
>
> Please upgrade to the new Opera 8.51, which does not expose this
> weakness.
>
> Sincerely
> Marc Schönefeld
> marc@...egalaccess.org


Opera Software ASA does not consider this to be a security vulnerability.

This is an ordinary NULL-pointer crash, which has no exploit potential.
And since the crash does not prevent restart of the client we also do
not consider it a Denial of Service.

<URL: http://www.opera.com/support/search/supsearch.dml?index=817 >

We thank Marc Schoenefeld for bringing this crashbug to our attention.

Please report bugs and security issues at <URL:  
https://bugs.opera.com/wizard/ >


-- 
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: yngve@...ra.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ