Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in SessionStore by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser's same-origin policy and perform an XSS attack while SessionStore data is being restored. moz_bug_r_a4 also reported that one particular SessionStore vulnerability could be used by an attacker to run arbitrary JavaScript with chrome privileges.
This is now public: http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
xulrunner-1.9.0.5-1.fc10, firefox-3.0.5-1.fc10, epiphany-2.24.1-3.fc10, epiphany-extensions-2.24.0-3.fc10, blam-1.8.5-5.fc10, devhelp-0.22-2.fc10, evolution-rss-0.1.2-3.fc10, galeon-2.0.7-4.fc10, gecko-sharp2-0.13-3.fc10, gnome-python2-extras-2.19.1-25.fc10, gnome-web-photo-0.3-13.fc10, google-gadgets-0.10.3-2.fc10, kazehakase-0.5.6-1.fc10.2, Miro-1.2.7-3.fc10, mozvoikko-0.9.5-5.fc10, mugshot-1.2.2-4.fc10, pcmanx-gtk2-0.3.8-4.fc10, ruby-gnome2-0.18.1-2.fc10, yelp-2.24.0-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
xulrunner-1.9.0.5-1.fc9, firefox-3.0.5-1.fc9, epiphany-2.22.2-6.fc9, epiphany-extensions-2.22.1-6.fc9, blam-1.8.5-4.fc9.1, cairo-dock-1.6.3.1-1.fc9.2, chmsee-1.0.1-7.fc9, devhelp-0.19.1-7.fc9, evolution-rss-0.1.0-5.fc9, galeon-2.0.7-4.fc9, gnome-python2-extras-2.19.1-22.fc9, gnome-web-photo-0.3-16.fc9, google-gadgets-0.10.3-2.fc9, gtkmozembedmm-1.4.2.cvs20060817-24.fc9, kazehakase-0.5.6-1.fc9.2, Miro-1.2.7-3.fc9, mozvoikko-0.9.5-5.fc9, mugshot-1.2.2-4.fc9, ruby-gnome2-0.17.0-4.fc9, totem-2.23.2-9.fc9, yelp-2.22.1-7.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
firefox-2.0.0.19-1.fc8, epiphany-2.20.3-9.fc8, epiphany-extensions-2.20.1-12.fc8, blam-1.8.3-20.fc8, cairo-dock-1.6.3.1-1.fc8.2, chmsee-1.0.0-6.31.fc8, devhelp-0.16.1-12.fc8, evolution-rss-0.0.8-14.fc8, galeon-2.0.4-7.fc8.3, gnome-python2-extras-2.19.1-20.fc8, gnome-web-photo-0.3-15.fc8, kazehakase-0.5.6-1.fc8.2, liferea-1.4.15-6.fc8, Miro-1.2.7-3.fc8, openvrml-0.17.10-3.0.fc8, ruby-gnome2-0.17.0-4.fc8, yelp-2.20.0-15.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:

Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:1036
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:1036
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:1037
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:1037
Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2008:1037
Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2009:0002
Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2009:0002
RHEL Optional Productivity Applications version 5 (thunderbird) RHSA-2009:0002