Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".