Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected
window.location protection mechanism, which might allow remote attackers to
bypass the Same Origin Policy and conduct cross-site scripting (XSS)
attacks via vectors that are specific to each affected plugin.
Updated: 2016-03-23 03:35:40 UTC (commit 10817)