Opera security advisory - Named frames or windows can be hi-jacked by malicious frames or windows. - Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document. - Applets have access to sun.* packages - Liveconnect: com.opera.EcmascriptObject constructor is accessible to Java - Liveconnect reveals the path to the user's home directory. This can make other vulnerabilities easier to exploit.
Vulnerable versions of Opera 7.54 and earlier
Apparently the beta 7.60p4 they have out is also partially vulnerable to this.
Thanks for the reminder Jennifer. I just wanted to bump this back up to the top for the Opera users out there.
Make sure that you download the 7.54u1 version, and that you check your version in opera:about to make sure you've got the latest version. Currently the Opera download page only has the Opera 7.54 Security Update listed in the right-hand column. The rest of the download sites have yet to be updated.
I read that to cure Preview 4 would cause problems at this stage, so there'll probably be a Preview 5 later. That version is still being worked on quite a bit. (It's not advisable to use it for everyday work.)
Once again, the upgrade to 7.54 has proved how Opera and others like Firefox take security seriously, bringing a patch out almost instantly. It'll be weeks if not months before Microsoft get round to theirs, won't it? I know which browser I trust... it begins with O.