Hello all,

On Wed, 30 Nov 2005 00:31:29 +0100, Marc Schoenefeld
<marc.schoenefeld (at) gmx (dot) org [email concealed]> wrote:

> Hi y'all,
>
> it is possible to crash the opera 8.50 browser with a simple
> java applet (see below).
> This was observed on Win32, Linux versions maybe affected, too.
> This can be tested only at:
>
> http://www.illegalaccess.org/exploit/opera85/OperaApplet.html
>
> As you can see the applet crashes at 0x67c0a54c. This is
> caused by a bug in a JNI routine implementing the com.opera.JSObject
> class.
> It cannot be ruled out, that this bug is exploitable.
>
> The opera guys were informed on the 21st of September, and
> then again on 8th of October.
>
> Please upgrade to the new Opera 8.51, which does not expose this
> weakness.
>
> Sincerely
> Marc Schönefeld
> marc (at) illegalaccess (dot) org [email concealed]

Opera Software ASA does not consider this to be a security vulnerability.

This is an ordinary NULL-pointer crash, which has no exploit potential.
And since the crash does not prevent restart of the client we also do
not consider it a Denial of Service.

<URL: http://www.opera.com/support/search/supsearch.dml?index=817 >

We thank Marc Schoenefeld for bringing this crashbug to our attention.

Please report bugs and security issues at <URL:
https://bugs.opera.com/wizard/ >

--
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer Email: yngve (at) opera (dot) com [email concealed]
Opera Software ASA http://www.opera.com/
Phone: +47 24 16 42 60 Fax: +47 24 16 40 01
********************************************************************

[ reply ]