Opera patches ‘severe’ attack defects
By Dave Nixon
April 6, 2008
Opera has warned of two severe flaws in its browser, which could let attackers take over a system via simple elements embedded in web pages.
The first bug involves Opera’s management of news feed sources.
When the browser encounters a feed source, it usually triggers a user prompt, but a specially crafted source could be exploited to cause an invalid memory access and crash the browser, Opera said. The company ranked the bug “highly severe.”
The second bug involves the browser’s use of HTML 5 canvas elements, which permit dynamic, scriptable rendering of bitmap images.
Scaling an image in a particular mode can crash the browser, which can in turn cause memory corruption. Opera labelled the bug “moderately severe.”
Both bugs can be used to execute malicious code on a system, Opera said. The company said both bugs are fixed in the new version 9.27 of the browser.
Opera’s last severe bug fix was just over a month ago, in late February.
One of the February bugs raised the indignation of Claudio Santambrogio, Opera’s quality assurance desktop test manager, who used it to take rival Mozilla to task.
“Mozilla notified us of one security issue the day before they published their public advisory,” said Santambrogio in his blog. “They did not wait for us to come back with an ETA for a fix. They kept their bug reports containing the details of the exploits closed to the public for a few days, and now opened most of them to everybody.”
The bug, which was one of 11 that Mozilla patched earlier this month when it released Firefox 2.0.0.12, could allow attackers to spoof input fields. Mozilla said that the vulnerability could be used to fool users into unwittingly uploading malicious code; Opera’s advisory agreed.

