Moderately Severe
HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed.
Opera Software has released Opera 9.27 with a fix for this vulnerability.
Thanks to Michal Zalewski for reporting this issue to Opera Software.
Need help? Hit F1 anytime while using Opera to access our online help files, or go here.