Mozilla developer Wladimir Palant reported that stylesheets used in remote XUL documents can wind up in the XUL cache where it can later be accessed by browser chrome for use in styling the user interface. A malicious website could use this issue to pollute a user's XUL cache and change style attributes of their browser such as font size and color.
Upstream advisory: http://www.mozilla.org/security/announce/2010/mfsa2010-14.html This was fixed in upstream Firefox 3.0.18, and via RHSA-2010:0112 in Red Hat Enterprise Linux 4 and 5. https://rhn.redhat.com/errata/RHSA-2010-0112.html
A patch was applied to correct this in Red Hat Enterprise Linux 3 and 4 (Seamonkey) via RHSA-2010:0113: https://rhn.redhat.com/errata/RHSA-2010-0113.html A patch was applied to correct this in Red Hat Enterprise Linux 4 (Thunderbird) via RHSA-2010:0154: https://rhn.redhat.com/errata/RHSA-2010-0154.html A patch was applied to correct this in Red Hat Enterprise Linux 5 (Thunderbird) via RHSA-2010:0153: https://rhn.redhat.com/errata/RHSA-2010-0153.html