Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
Exploitability
AV:NAC:HAu:NImpact
C:PI:PA:P5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P