
The first vulnerability is a defect in Opera's Javascript SVG implementation - the browser allows improper objects to be passed on to a certain function, allowing execution of arbitrary code on a host system.
The second is a flaw in the way the system handles JPEGs, making it open to a heap-based buffer overflow from a malicious file.
Opera ranks these problems as "moderate," but experts at Secunia categorised them as "highly critical." Users are encouraged to upgrade to Opera 9.1, for which Opera Software corrected the problem.
Click here to email West Coast Bureau Chief Ericka Chickowski.