The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.
https://exchange.xforce.ibmcloud.com/vulnerabilities/91090
http://www.securityfocus.com/bid/65391
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000014
http://jvn.jp/en/jp/JVN23256725/index.html
http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/