Proof of concept that reveals your computer's IP address even when behind a VPN:
Google Chrome is also vulnerable, and there is no way to disable WebRTC in it. Firefox does have this option. The remedy of installing WebRTC block extension doesn't work either.
Does Opera currently have any way to disable WebRTC with a flag, or offer a patch for this blatant security issue?