Full details on BugTraq. Short summary: 1: Opera does not follow Sun's guidelines for secure Java programming. Internal access to sun-packages is granted. 2: XSLT processor covert channel attack with bundled JRE (http://sunsolve.sun.com/search/document.do?assetkey=1-26-57613-1&searchclause= though it seems dead now, Google has a nice cache.) 3: Internal pointer DoS exploitation 4: Exposure of location of local java installation 5: Exposure of local user name to an untrusted applet
According to secunia's advisory[1], this issue is fixed in 7.60 beta versions of opera. [1]: http://secunia.com/advisories/13257/
Still no release upstream. CC'ing maintainer.
this (partly?) seems to be adressed in bug #74076
Fixed with 7.54u1, will be addressed in bug 74076 *** This bug has been marked as a duplicate of 74076 ***