Opera has warned of two severe bugs in its browser, which could allow attackers to invade a system via simple elements embedded in web pages.
The first bug involves Opera's handling of news feed sources.
When the browser encounters a feed source, it normally triggers a user prompt, but a specially crafted source could be exploited to cause an invalid memory access and crash the browser, Opera said. The company ranked the bug "highly severe."
The second bug involves the browser's handling of HTML 5 canvas elements, which allow dynamic scriptable rendering of bitmap images.
If an image is scaled in a particular way, it can cause the browser to crash, which can cause memory corruption. Opera labelled the bug "moderately severe."
Both bugs can be used to exploit malicious code on a system, Opera said. The company said both bugs are fixed in the new version 9.27 of the browser.
Opera's last severe bug fix was just over a month ago, in late February.
One of the February bugs raised the ire of Claudio Santambrogio, Opera's quality assurance desktop test manager, who used it to take rival Mozilla to task.
"Mozilla notified us of one security issue the day before they published their public advisory," said Santambrogio in his blog. "They did not wait for us to come back with an ETA for a fix. They kept their bug reports containing the details of the exploits closed to the public for a few days, and now opened most of them to everybody."
The bug, which was one of 11 that Mozilla patched earlier this month when it released Firefox 220.127.116.11, could let attackers spoof input fields. Mozilla said that the vulnerability could be used to dupe users into unwittingly uploading malicious code; Opera's advisory agreed.
Computerworld's Gregg Keizer contributed to this report.