browser.js in Mozilla Firefox 1.5.x before 188.8.131.52 and 2.x before 184.108.40.206,
and SeaMonkey before 1.0.8 uses the requesting URI to identify child
windows, which allows remote attackers to conduct cross-site scripting
in combination with multiple frames having the same data: URI.
Updated: 2016-01-26 17:28:01 UTC (commit 10507)