H-Online reports a critical security hole in Opera's browser has been made public by security expert José A. Vázquez. The security flaw is caused by a memory bug when processing SVG content within framesets, Opera users can be infected by visiting a compromised website. Vázquez says he notified the Opera developers about the hole one year ago, by making the discovery public he's forcing them into action.
Vázquez says that he found the hole and notified the developers with a proof of concept a year ago. However, the expert said that Opera decided not to close the hole.
Vázquez thinks that the Opera developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, Vázquez has adapted the exploit for the current version 11.51 of Opera and has released it as a Metasploit module. This means that, in principle, anyone can now exploit the vulnerability.