Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving “detection of JavaScript events and appropriate manipulation.”
bugs.gentoo.org/show_bug.cgi?id=235298
secunia.com/advisories/31549
secunia.com/advisories/32538
security.gentoo.org/glsa/glsa-200811-01.xml
securitytracker.com/id?1020722
www.openwall.com/lists/oss-security/2008/09/19/2
www.openwall.com/lists/oss-security/2008/09/24/4
www.opera.com/docs/changelogs/freebsd/952/
www.opera.com/docs/changelogs/linux/952/
www.opera.com/docs/changelogs/mac/952/
www.opera.com/docs/changelogs/solaris/952/
www.opera.com/docs/changelogs/windows/952/
www.opera.com/support/search/view/896/
www.securityfocus.com/bid/30768
www.vupen.com/english/advisories/2008/2416
exchange.xforce.ibmcloud.com/vulnerabilities/44557