Karol Wiesek and Greg MacManus reported via iDEFENSE that the
Opera web browser contains a flaw in the handling of
certain URIs. When presented with these URIs, Opera would
invoke external commands to process them after some
validation. However, if the hostname component of a URI
begins with a `-', it may be treated as an option by an external
command. This could have undesirable side-effects, from
denial-of-service to code execution. The impact is very
dependent on local configuration.
After the iDEFENSE advisory was published, the KDE team
discovered similar problems in KDE's URI handlers.