You can add Opera to the list of Web browsers singing the security blues.
A new version of the cross-platform browser was released today to plug a highly critical code execution bug in the way Opera integrates support for BitTorrent downloads.
The skinny from an iDefense alert:
When parsing a specially crafted BitTorrent header, Opera uses memory that has already been freed. This can result in an invalid object pointer being dereferenced, and may allow for the execution of arbitrary code. The vulnerability is triggered when the user right clicks on the transfer and removes it...
The attacker must persuade a vulnerable user into clicking a link to a BitTorrent file. The targeted user must subsequently remove the entry from the download pane. The requirement to remove the torrent is not considered to be a mitigating factor since it is natural for a user to attempt to do so when a transfer is not progressing.
This is not the first time a critical security problem has been flagged in Opera 9's support of BitTorrent downloads.