The vulnerabilities that were fixed by the 11.01 version allowed clickjacking, data detention, and remote code injection.
Last week, the French security company VUPEN issued a critical vulnerability alert for Opera 11 and 10.63 in Windows 7 and Windows XP SP3 about the Opera remote code injection vulnerability.
In the alert, VUPEN said the vulnerability “could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by an integer truncation error within the Opera Internet Browser module ‘opera.dll’ when handling a HTML ‘select’ element containing an overly large number of children, which could allow remote attackers to execute arbitrary code by convincing a user to visit a specially crafted web page.”
The 11.01 version fixes that vulnerability, as well as a vulnerability that “made it possible to carry out clickjacking attacks against internal Opera, one that allowed web pages to gain limited access to files on a user’s computer,” and one whereby “email passwords were not immediately deleted when deleting private data,” Opera said. The updated version also removed support "javascript:" URLs in CSS -o-link values to make it easier for sites to filter untrusted CSS.
Version 11.01 also enables Mac operating system file quarantine. “This is the feature that sets a flag on downloaded files so the Finder can alert users when opening them that they were downloaded from a web site”, explained the Mac security blog.