Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 3rd, 2008

Two Severe Flaws In Opera Browser

Opera has warned of two severe bugs in its browser, which could allow attackers to invade a system via simple elements embedded in web pages.

The first bug involves the browser’s handling of HTML 5 canvas elements, which allow dynamic rendering of bitmap images that can be scripted.
If an image is scaled in a particular way, it can cause the browser to crash, which can cause memory corruption. Opera classified the bug “moderately severe.”

The second bug involves Opera’s handling of news feed sources.
When the browser encounters a feed source, it normally triggers a user prompt, but a specially crafted source could be exploited to cause an invalid memory access and crash the browser. This bug is ranked “highly severe.”

Both bugs can be used to exploit malicious code on a system and they both are fixed in the new browser version, 9.27.

Share this item with others:

More on CyberInsecure:
  • Critical Flaws Patched In Opera 9.61, New Zero-day Vulnerability Remains Unpatched
  • Extremely Severe Vulnerabilities Patched In Opera Browser
  • 7 Vulnerabilities, Some Are Extremely Severe, Patched In New Opera 9.52
  • Opera Software Patches Vulnerabilities In Opera 9.64 And Adds Anti-exploitation Mechanisms
  • Opera Software Fixes Two Security Vulnerabilities In Opera 9.60

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Two Severe Flaws In Opera Browser

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word