The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/39397
http://support.avaya.com/css/P8/documents/100091069
http://ubuntu.com/usn/usn-921-1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
http://www.redhat.com/support/errata/RHSA-2010-0500.html
http://www.redhat.com/support/errata/RHSA-2010-0501.html
http://www.securityfocus.com/bid/39479
http://www.vupen.com/english/advisories/2010/0748
http://www.vupen.com/english/advisories/2010/0849
http://www.vupen.com/english/advisories/2010/1557
https://bugzilla.mozilla.org/show_bug.cgi?id=490790
https://exchange.xforce.ibmcloud.com/vulnerabilities/57396
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375