"Specially crafted domain names can cause a memory corruption in Opera,
which may lead to a crash. Successful exploitation can lead to execution
of arbitrary code."
"Opera may allow scripts to run on the feed subscription page, thereby
gaining access to the feeds object. This can be used for automatic
subscription of feeds, or reading other feeds."
"In some cases, a Web font intended to be used for page content could be
incorrectly used by Opera to render parts of the user interface,
including the address field. This can be used by a malicious site to
display a false domain name in the address field."
All three of these vulnerabilities have been addressed in Opera 10.01.
It is recommended that Opera be updated to this version to avoid