Summary
The createPattern function can reveal old data from random places in memory
Severity: moderately severe
Problem description
Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function thatleaves old data that was in the memory before Opera allocated itin the new pattern. The pattern can be read and analyzed byJavaScript, so an attacker can get random samples of the user’smemory, which may contain data.
Affected versions
This affects Opera for Linux, FreeBSD and Solaris. On those platforms, all versions since Opera 9.0 are affected.
Opera’s response
Opera Software has released Opera 9.22, which has corrected the flaw.
Credits
Thanks to Philip Taylor for notifying Opera Software about this issue.