Opera before 9.26 allows remote attackers to misrepresent web page addresses using “certain characters” that “cause the page address text to be misplaced.”
lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html
secunia.com/advisories/30636
secunia.com/advisories/30682
www.opera.com/docs/changelogs/linux/950/#security
www.opera.com/docs/changelogs/windows/950/#security
www.opera.com/support/search/view/878/
www.securityfocus.com/bid/29684
www.vupen.com/english/advisories/2008/1812
exchange.xforce.ibmcloud.com/vulnerabilities/43035