The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
http://secunia.com/advisories/21949
http://secunia.com/advisories/21950
http://secunia.com/advisories/22001
http://secunia.com/advisories/22025
http://secunia.com/advisories/22056
http://secunia.com/advisories/22066
http://secunia.com/advisories/22195
http://secunia.com/advisories/22210
http://secunia.com/advisories/22422
http://secunia.com/advisories/24711
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://securitytracker.com/id?1016849
https://exchange.xforce.ibmcloud.com/vulnerabilities/28957
https://issues.rpath.com/browse/RPL-640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://www.ubuntu.com/usn/usn-351-1
http://www.ubuntu.com/usn/usn-354-1
http://www.vupen.com/english/advisories/2006/3748