Mozilla security researcher moz_bug_r_a4 reported
that a chrome XBL method can be used in conjuction
with window.eval
to execute arbitrary JavaScript within
the context of another website, violating the same origin policy.
Firefox 2 releases are not affected.
Disable JavaScript until a version containing these fixes can be installed.