Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0182 to the following vulnerability: The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. References: http://www.mozilla.org/security/announce/2010/mfsa2010-24.html https://bugzilla.mozilla.org/show_bug.cgi?id=490790 http://www.securityfocus.com/bid/39479 This issue has been corrected upstream in Firefox 3.5.x and 3.6.x. It has not yet been addressed in Firefox 3.0.x.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0500 https://rhn.redhat.com/errata/RHSA-2010-0500.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0501 https://rhn.redhat.com/errata/RHSA-2010-0501.html