A recently revealed vulnerability in the desktop version of Opera 9 can also crash the Wii version.
On January 5th, Opera Software revealed two security bugs in version 9.0x of its internet browser. Though patched in its most recently released version 9.10, the Internet Channel Trial Version used on the Wii is still affected since it is powered by Opera 9.0. iDefense Labs, discoverer of the bugs, notified Opera Software on November 16th of last year.
One of the bugs, a flaw in the way the browser handles a scalable vector graphics (SVG) JavaScript function, can not only crash the Opera web browser, but can also allow arbitrary code execution. However, it is unclear whether this code execution can happen on the Wii version, though the crash (a hard freeze of the system) does indeed occur. In theory, a malicious hacker could craft a special webpage, which when visited by a victim, would crash and potentially execute code on the Wii.
The crash occurs because Opera does not properly validate the type of object passed to the JavaScript SVG function "createSVGTransformFromMatrix."
Though Opera mentions that users that have JavaScript disabled are not affected by the problem, this is not a possibility on the Wii version, and Wii users will have to wait for a patch or the final version, which is currently scheduled for the end March.