Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability:
Removing a specially crafted torrent from the download manager can crash Opera. The crash is caused by an erroneous memory access. An attacker needs to entice the user to accept the malicious BitTorrent download, and later remove it from Opera's download manager. To inject code, additional means will have to be employed. Users clicking a BitTorrent link and rejecting the download are not affected.
data: URLs embed data inside them, instead of linking to an external resource. Opera can mistakenly display the end of a data URL instead of the beginning. This allows an attacker to spoof the URL of a trusted site.
Opera's HTTP authentication dialog is displayed when the user enters a Web page that requires a login name and a password. To inform the user which server it was that asked for login credentials, the dialog displays the server name. The user has to see the entire server name. A truncated name can be misleading. Opera's authentication dialog cuts off the long server names at the right hand side, adding an ellipsis (...) to indicate that it has been cut off. The dialog has a predictable size, allowing an attacker to create a server name which will look almost like a trusted site, because the real domain name has been cut off. The three dots at the end will not be obvious to all users. This flaw can be exploited by phishers who can set up custom sub-domains, for example by hosting their own public DNS.