Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)

Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting XSS protection mechanisms via a feed:javascript: URL...