Mozilla Foundation Security Advisory 2012-03
Title: <iframe> element exposed across
domains via name attribute
Announced: January 31, 2012
Reporter: Vitaly Nevgen
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 10.0
Vitaly Nevgen reported that an attacker could replace a sub-frame in another domain's document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy.
Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.