Yazan Tommalieh discovered a flaw that once users have viewed the default Firefox start page (about:home), subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or History, which might alarm users. In some cases a malicious page could trigger session restore and cause data loss if the current tabs are replaced by a previously stored set. 


External Reference:

http://www.mozilla.org/security/announce/2014/mfsa2014-10.html


Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yazan Tommalieh as the original reporter.

Statement:

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6