Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected
window.location protection mechanism, which might allow remote attackers to
bypass the Same Origin Policy and conduct cross-site scripting (XSS)
attacks via vectors that are specific to each affected plugin.
Updated: 2015-07-29 20:37:42 UTC (commit 9756)