The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
secunia.com/advisories/39397
support.avaya.com/css/P8/documents/100091069
ubuntu.com/usn/usn-921-1
www.mandriva.com/security/advisories?name=MDVSA-2010:070
www.mozilla.org/security/announce/2010/mfsa2010-24.html
www.redhat.com/support/errata/RHSA-2010-0500.html
www.redhat.com/support/errata/RHSA-2010-0501.html
www.securityfocus.com/bid/39479
www.vupen.com/english/advisories/2010/0748
www.vupen.com/english/advisories/2010/0849
www.vupen.com/english/advisories/2010/1557
bugzilla.mozilla.org/show_bug.cgi?id=490790
exchange.xforce.ibmcloud.com/vulnerabilities/57396
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375