Mozilla security researcher moz_bug_r_a4 reported
that the wrapper class XPCSafeJSObjectWrapper
(SJOW) on
the Mozilla 1.9.1 development branch has a logical error in its
scripted function implementation that allows the caller to run the
function within the context of another site. This is a violation of
the same-origin policy and could be used to mount an XSS attack.