Arthur Gerkis has identified a DOM events manipulation issue that can be exploited to cause the web browser to crash. In some scenarios, the crashes can be leveraged to execute arbitrary code.
An anonymous expert has notified Opera via the iSIGHT Partners GVP Program of a problem where the use of SVG clipPaths could allow the execution of malicious code.
“When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur,” the advisory reads.
A couple of low-severity vulnerabilities have also been addressed, one of them referring to the fact that Cross-Origin Resource Sharing (CORS) requests can omit the preflight requests.
Opera for Windows is available for download here
Opera for Mac is available for download here
Opera for Linux is available for download here