Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
secunia.com/advisories/37699
secunia.com/advisories/37704
secunia.com/advisories/37785
secunia.com/advisories/37813
secunia.com/advisories/37856
secunia.com/advisories/37881
securitytracker.com/id?1023342
securitytracker.com/id?1023343
www.debian.org/security/2009/dsa-1956
www.mozilla.org/security/announce/2009/mfsa2009-69.html
www.novell.com/linux/security/advisories/2009_63_firefox.html
www.securityfocus.com/bid/37349
www.securityfocus.com/bid/37370
www.ubuntu.com/usn/USN-873-1
www.ubuntu.com/usn/USN-874-1
www.vupen.com/english/advisories/2009/3547
bugzilla.mozilla.org/show_bug.cgi?id=514232
bugzilla.redhat.com/show_bug.cgi?id=546726
exchange.xforce.ibmcloud.com/vulnerabilities/54808
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911
rhn.redhat.com/errata/RHSA-2009-1674.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html