Mozilla contributor moz_bug_r_a4 demonstrated that
the addEventListener
method could be used to inject
script into another site in violation of the browser's same-origin
policy. This could be used to access or modify private or valuable
information from that other site.
Disable JavaScript until a fixed version can be installed.