Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This can cause the script to be run in the wrong security context.
Opera Software has released Opera 9.26, where this issue has been fixed.
Thanks to Max Leonov for reporting this issue to Opera Software.