Advisory: The createPattern function can reveal old data from random places in memory

Summary

The createPattern function can reveal old data from random places in memory

Severity: moderately severe

Problem description

Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function: the new pattern retains old data that was in the memory before Opera allocated it. JavaScript can read and analyze the pattern, so an attacker can get random samples of the user's memory, which may contain data.
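
The class of flaw described above, as an added example that is not Opera's code: a simplified C model in which a pattern buffer reuses a freed block and either keeps or clears the previous contents. The one-block pool, the function names, the tile and the secret string are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POOL_BYTES 64
static unsigned char pool[POOL_BYTES];   /* toy heap: one reusable block (assumption) */

static unsigned char *pool_alloc(void) { return pool; }
static void pool_free(unsigned char *p) { (void)p; /* contents are not scrubbed */ }

/* Flawed model: only the source pixels are written; the rest keeps old data. */
static unsigned char *create_pattern_flawed(const unsigned char *src, size_t n) {
    unsigned char *pat = pool_alloc();
    memcpy(pat, src, n);
    return pat;
}

/* Corrected model: clear the whole buffer before any pixel is written. */
static unsigned char *create_pattern_fixed(const unsigned char *src, size_t n) {
    unsigned char *pat = pool_alloc();
    memset(pat, 0, POOL_BYTES);
    memcpy(pat, src, n);
    return pat;
}

/* Count bytes past the source pixels that still hold non-zero old data. */
static int stale_bytes(const unsigned char *pat, size_t n) {
    int count = 0;
    for (size_t i = n; i < POOL_BYTES; i++)
        if (pat[i] != 0) count++;
    return count;
}

/* A previous owner stores a constructed secret and frees the block;
   a pattern then reuses the same memory. Returns the stale byte count. */
int demo(int use_fixed) {
    static const char secret[] = "CONSTRUCTED-TOKEN";          /* constructed sample */
    static const unsigned char tile[8] = {255, 0, 0, 255, 255, 0, 0, 255}; /* 2 RGBA px */
    unsigned char *old = pool_alloc();
    memset(old, 0, POOL_BYTES);
    memcpy(old + 16, secret, sizeof secret - 1);
    pool_free(old);
    unsigned char *pat = use_fixed ? create_pattern_fixed(tile, sizeof tile)
                                   : create_pattern_flawed(tile, sizeof tile);
    return stale_bytes(pat, sizeof tile);
}

int main(void) {
    printf("flawed: %d stale bytes, fixed: %d stale bytes\n", demo(0), demo(1));
    return 0;
}
```

In the flawed model every byte of the previous owner's data survives into the pattern; clearing the buffer at allocation time removes it regardless of what the earlier owner left behind.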

Affected versions

This affects Opera for Linux, FreeBSD and Solaris. On those platforms, all versions since Opera 9.0 are affected.

Opera's response

Opera Software has released Opera 9.22, which has corrected the flaw.

Credits

Thanks to Philip Taylor for notifying Opera Software about this issue.