Mozilla Foundation Security Advisory 2010-24
Title: XMLDocument::load() doesn't check nsIContentPolicy
Announced: March 30, 2010
Reporter: Wladimir Palant
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.2
Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons.
This issue has not been fixed in Firefox 3.0