Vitaly Nevgen reported that an attacker could replace a sub-frame in another domain's document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy.
Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.
Vulmon