Hello all -
I don't have time for a fancy advisory format, but I did want to disclose an
issue.
Sometime in early October (late September?), around the time Opera 9.6 was
released, I noticed that you could get it to crash after supplying the file://
handler with ~16,500 characters. I played ar
hi
is very curious vulnerability...
I think I found a variant of this vulnerability, if using another protocol (eg:
https ://).
I am sure that is an variant because providing other protocolos (eg: http://)
does not work, nor the exceptions that are generated are equal to fail.
---
It works on Opera 9.62 with Vista Business running and the crash produces:
You tried to access the address
file://xxx
mmm sorry..
don't works this...
:(
Juan Pablo Lopez Yacubian
For whatever reason, the file:// exploit isn't working on the version of Opera
I have on this machine, but it worked on my XP SP2 machine back home. I can't
get it to crash with https:// either. Both have Opera 9.62. Perhaps there's
been a silent fix? I'm not sure; I wish Opera would reply.
If I open specialy crafted html file - ok, exploit is working,
but if I put that file on the server and receive it from the network
with my opera,
exploit does not work!
why???
Try accessing it via https.
When you access remotely, it defaults to the http uri handler.
Hi Peter,
Apropos File URI scheme, if you are saying about accessing a file with
something like file://abcd... in a link, 'over a network', then most of the
browsers (perhaps all) do not follow "file:" links on a page that is fetched
with "HTTP". The purpose is "security" or to prevent a remo
Does that also hold true if you use a javascript/java applet to deliver the URL
rather than just placing it in a text link?
--Original Message--
From: [EMAIL PROTECTED]
Sender:
To: bugtraq@securityfocus.com
Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
Sent: Nov 19, 2008 5:59
I don't mean to come off as a jerk here, but, most of the questions that have
been asked were mentioned in the original message and in k`sOSe's code.
As I've said, Opera does not allow you to invoke the file:// handler from the
Internet. I am not sure about Java applets, but JavaScript is the
10 matches
Mail list logo