Summer, i published sdrf whitepaper: http://onsec.ru/onsec-whitepaper-01.eng.pdf

This vulnerability which allows you to open a document with reference to the domain from which it was loaded in spite of http header Content-Type.

New Opera 11 was released today which has the same vulnerability.
For the demonstration suggest the following video: (Google Mail under Opera XSS attack PoC)