Opera up to and including version 10.60 is vulnerable to an arbitrary memory write of 0x00000000, 4 byte aligned, when processing an html page featuring a SELECT tag with a very large SIZE parameter.
630fbf78a70da7125a10c3f5ee2b547435896349a5687c315425d7f9e3ea9851