CVE-2009-3007
CVE-2009-3007 affects Mozilla Firefox 3.5.1, SeaMonkey 1.1.17, and Flock 2.5.1, enabling context-dependent attackers to spoof the address bar via window.open with a relative URI to reveal an arbitrary file: URL after the user navigates to a file: URL. The connected documents corroborate a family ...