Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Opera, using freed memory via Node

November 2011 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can create a web document altering HTML nodes, in
order to force Opera to use a freed memory area, in order to stop
it, and possibly to execute code.

 Severity: 2/4
 Creation date: 24/10/2011

IMPACTED PRODUCTS

 Opera

DESCRIPTION OF THE VULNERABILITY

Elements of an HTML document can be represented as a tree, which
can be altered in JavaScript via the appendChild() and
removeChild() functions.

However, if a node is cloned with cloneNode(), then deleted with
removeChild() and re-added with appendChild(), Opera dereferences
an invalid pointer.

An attacker can therefore create a web document altering HTML
nodes, in order to force Opera to use a freed memory area, in
order to stop it, and possibly to execute code.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Opera-using-freed-memory-via-Node-11094


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts