Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. Per: http://my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-head

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.