SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera
Vendors:   Opera Software
(Vendor Issues Fix) Opera Java Sandbox Flaws Let Malicious Applets Access System Information and Crash the Browser
SecurityTracker Alert ID:  1012482
SecurityTracker URL:  http://securitytracker.com/id/1012482
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 11 2004
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.54; prior versions may be affected
Description:   Several vulnerabilities were reported in Opera's Java sandbox mechanism. An applet can gain elevated privileges to access local information or cause the browser to crash.

Marc Schonefeld from illegalaccess.org reported that a remote user can create a Java applet that, when loaded by the target user, can exploit a number of flaws in the system.

It is reported that Opera's custom Java plugin has a flaw in the default Java policy configuration. The policy grants applets access to internal sun.* packages:

grant {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
};

This access may let the applet invoke potentially destructive behavior or cause crashes.
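
An added example, not part of the original advisory and not Opera's code: a small Python audit that scans a Java policy file for grants like the one quoted above and reports whether each one applies to all code or only to a named code source. The sample policy is constructed for illustration, and the codeBase URL in its second grant is hypothetical.

```python
import re

# Constructed sample policy: the first grant is the entry quoted in the
# advisory; the second is a hypothetical grant scoped to one code base.
SAMPLE_POLICY = '''
// constructed sample, not Opera's shipped file
grant {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
};
grant codeBase "http://applets.example.com/-" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
    permission java.util.PropertyPermission "user.home", "read";
};
'''

TOKEN_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)
GRANT_RE = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)\s+"([^"]*)"')
PREFIX = "accessClassInPackage."

def strip_comments(text):
    """Drop // and /* */ comments but keep quoted strings (URLs contain //)."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def covers_sun(target):
    """True if a RuntimePermission target opens sun.* packages to the grantee."""
    if target == "*":  # BasicPermission wildcard: every runtime permission
        return True
    pkg = target[len(PREFIX):] if target.startswith(PREFIX) else ""
    return pkg in ("*", "sun") or pkg.startswith("sun.")

def audit_policy(text):
    """Return (scope, target) for each grant that exposes sun.* packages.
    scope is 'ALL CODE' when the grant names no codeBase, signer or principal."""
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(text)):
        scope = " ".join(header.split()) or "ALL CODE"
        for cls, target in PERM_RE.findall(body):
            if cls == "java.lang.RuntimePermission" and covers_sun(target):
                findings.append((scope, target))
    return findings

if __name__ == "__main__":
    for scope, target in audit_policy(SAMPLE_POLICY):
        print(f"{scope}: {target}")
```

A finding with scope ALL CODE is the case described in this advisory, because an unqualified grant applies to every class loaded under the policy, untrusted applets included.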

It is also reported that the JRE version included with Opera is version 1.4.2_04, which is affected by a previously reported XSLT vulnerability.

It is also reported that the EcmaScriptObject public class in 'opera.jar' allows an applet to access a system memory pointer. A malicious applet can cause the browser to crash.

It is also reported that a malicious applet can monitor the URL classpath of the bootstrap class path to determine the JDK installation directory.

It is also reported that an applet can invoke the sun.security.krb5.Credentials class to determine the name of the currently logged-in user and parse the user's home directory. An exception thrown by acquireDefaultCreds may let the applet determine the underlying operating system, the location of user files, and the username of the user running the applet.

It is reported that some other similar flaws exist but were not described in the report.

The vendor was notified on September 1, 2004.

Impact:   A malicious applet can access user and system information and cause the target browser to crash.
Solution:   The vendor has issued a fixed version (7.54u1), available at:

http://www.opera.com/download/

Vendor URL:  www.opera.com/support/search/supsearch.dml?index=782
Cause:   Access control error
Underlying OS:  BeOS, Linux (Any), Apple (Legacy "classic" Mac), QNX, UNIX (FreeBSD), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 19 2004 Opera Java Sandbox Flaws Let Malicious Applets Access System Information and Crash the Browser



 Source Message Contents



[Original Message Not Available for Viewing]

