The createPattern function can reveal old data from random places in memory – Opera Security Advisories

Summary

The createPattern function can reveal old data from random places in memory

Severity: moderately severe

Problem description

 

Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function thatleaves old data that was in the memory before Opera allocated itin the new pattern. The pattern can be read and analyzed byJavaScript, so an attacker can get random samples of the user’smemory, which may contain data.

Affected versions

 

This affects Opera for Linux, FreeBSD and Solaris. On those platforms, all versions since Opera 9.0 are affected.

Opera’s response

 

Opera Software has released Opera 9.22, which has corrected the flaw.

Credits

Thanks to Philip Taylor for notifying Opera Software about this issue.