Advisory: A very long title in a web page can cause a crash on startup

Summary

A web page with an extremely long <title> attribute can cause Opera to crash when certain conditions are met. It affects Windows users with Input Method Editor (IME) installed.

Severity: Medium

Problem description

If a Windows user with Input Method Editor (IME) installed bookmarks a page with an extremely long <title> element, Opera will crash upon next startup. Opera will not recover from this on its own, so the user will not be able to start Opera.

This affects Japanese users and others using IME for text input. It also affects Opera users on Mac OSX. Since Opera will not start afterwards, it can be used for denial of service attacks.

Workaround: Remove autosave.win after the crash.

Opera's response

Opera has released version 8.51, where this flaw has been corrected.

Credits

Thanks to Tatsuya Matsumoto and jp-CERT for reporting this issue to us.

Support

• New to Opera
• Register Opera Mobile
• Tutorials
• Knowledge base
• Community
• Reporting bugs
• Premium support
• Documentation

Web analytics powered by HitsLink. Copyright Opera Software ASA. All rights reserved.

Site Index | Contact | Privacymy.opera.com | operamini.com | widgets.opera.com | dev.opera.com | jobs.opera.com | operapowered.com
jp.opera.com | ru.opera.com | pl.opera.com | de.opera.com | cn.opera.com | tw.opera.com | in.opera.com