Yazan Tommalieh discovered a flaw that once users have viewed the default Firefox start page (about:home), subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or History, which might alarm users. In some cases a malicious page could trigger session restore and cause data loss if the current tabs are replaced by a previously stored set. External Reference: http://www.mozilla.org/security/announce/2014/mfsa2014-10.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yazan Tommalieh as the original reporter. Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6