Security researcher Eduardo Vela N reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.
This is now public: http://www.mozilla.org/security/announce/2010/mfsa2010-69.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0782 https://rhn.redhat.com/errata/RHSA-2010-0782.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0861 https://rhn.redhat.com/errata/RHSA-2010-0861.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0896 https://rhn.redhat.com/errata/RHSA-2010-0896.html