Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.

Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.