Multiple Mozilla products contain a flaw that is triggered by the true value of window.location being shadowed via user-supplied input passed to the valueOf method. This may allow a remote attacker to perform a cross-site scripting attack, when combined with certain unspecified plugins.
Loss of Integrity
Upgrade Firefox and Thunderbird to version 16.0.2 (10.0.10 ESR) or higher, and SeaMonkey to version 2.13.2 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.