Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
https://exchange.xforce.ibmcloud.com/vulnerabilities/33488
http://www.securityfocus.com/archive/1/464041/100/0/threaded