Advisory: Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code
Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.
Opera Software has released Opera 10.61 where this issue has been fixed.
Thanks to Kuzzcc for reporting this issue to Opera Software.