Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. See our advisory.
HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. See our advisory.
Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. see our advisory.
Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. See our advisory.
Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team. See our advisory.
Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans.
Flash CGI/Mini Thread Version 3.31β