A weakness in the SSL v3.0 and TLS 1.0 specifications can allow eavesdropping attacks against some applications. Exploiting this weakness requires affected applications to send initially predictable content through the connection. In a default installation, Opera does not send such predictable content through these connections, so these attacks have not been shown to be possible in Opera.
This weakness does not affect the TLS 1.1 version of the protocol.
A protocol change has been developed to mitigate the weakness. Although the weakness is not known to be exploitable in previous versions of Opera, Opera 11.60 includes this change. Third party add-ons that can manage their own connections may still be independently vulnerable to this weakness, and must be updated separately. Users who have third party add-ons or plug-ins installed are encouraged to install applicable patches from the third party software vendor.
Thanks to Thai Duong and Juliano Rizzo of Netifera for reporting this issue.