Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera Access Control Flaw in Java Lets Malicious Javascript and Java Applets Bypass Security Restrictions
SecurityTracker Alert ID:  1006952
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 8 2003
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network
Exploit Included:  Yes  

Description:   An access control vulnerability was reported in the Java and Javascript implementation in the Opera browser. A malicious script or applet can execute code and make connections to arbitrary security domains.

A recurrence of an old Java implementation vulnerability was reported by meme156 in several web browsers, including Mozilla, Netscape, and Opera. Microsoft Internet Explorer is reportedly not affected.

It is reported that a remote user can create HTML that, when loaded by the target user, will inject and execute JavaScript code in the JavaScript console of the target user's browser using the "view-source:" function. A demonstration exploit is available at:

It is also reported that a malicious applet can make connections to arbitrary domains. A demonstration exploit that was originally written several years ago for a bug in Microsoft Internet Explorer that has since been corrected but reportedly now applies to Opera is available at:

It is also reported that Dan Brumleve's Brown Orifice web server (BOHTTPD) exploit code can be used to exploit this flaw.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary Javascript or Java applets that can connect to arbitrary domains.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  BeOS, Linux (Any), Apple (Legacy "classic" Mac), QNX, UNIX (FreeBSD), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Cross-Platform Browser vulnerabilities - Critical


Once upon a time in the far off land of 1997 dwelled horrible cross platform
browser vulnerabilities that threatened every user of the internet.

Pioneers of Java Security Model exploitation such as Ben Mesander,Dan
Brumleve, & Georgi Guninski showed us wonderful methods of loading
arbitrary classes and images, connection to arbitrary hosts with class
loading and remote browser tracking , to name just a few.
We at meme156 laboratories are pleased to announce theyyyree baaaack!

Let no hat, black white or grey, wander in on or about the www without fear.


         Opera, Mozilla & Netscape with javascript enabled are vulnerable
         to remote command execution. This has been tested on Microsoft,
         and many many Unices. Macintosh may also be vuln.

         Ironically enough, IE is unaffected.

Versions: all current versions , not sure how far back

Impact: Critical - Go Threatcon , it's ya berfday!


very minimal sample below followed by links to long dead bugs resurrected
from the graves of exploits past by this most excellent everlasting bug.
Old school window spoofing tekneeq:


function werd()

function winopen() {"view-source:javascript:location='';");




I have provided a live version of this mild example here:

Resurrected Juarez:

^From the depths of '97 this old treasure is back, demonstrating
 remote class loading.

^amaze your freinds! show them their pr0n history with guninskis old
 classic :)

^circa 2000 , Dan Brumleve's masterpiece is back!

"New bugs were discovered in Netscape's implementation of Java has been
found which allows a remote site to read any file on the client machine
and to set up a Java server which anyone can connect to. Brown Orifice
HTTPD starts a Java server which allows others to read files on your

Fix: Disable Java immediately

Vendor Notification: None - This is full disclosure


There are many, many more issues than I have discussed. The minimal release
is for giving the blackhats time to play.

Editors note: I miss that old channel still samael. parsekungfu4lyfe

Summer of the Sickness is drawing near.......


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC