The first security issue is caused due to a design error when handling input to file form fields. The advisory states that it could be exploited to trick a user into uploading arbitrary files.
The second flaw is related to the handling of custom comments in image properties and can be exploited to execute arbitrary script code in the wrong security context when comments of a malicious image are displayed.
The third and last of today’s pack is an error in the handling of attribute values when importing XML into a document. It can be exploited to bypass filters and conduct cross-site scripting attacks if these values are used as document content.
The vulnerabilities are known to affect all Opera versions prior to 9.26.