firefox is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document.
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
mozilla.com/en-US/firefox/3.6.4/releasenotes/
mozilla.com/en-US/firefox/3.6/releasenotes/
mozilla.org/security/known-vulnerabilities/firefox35.html
secunia.com/advisories/39397
support.avaya.com/css/P8/documents/100091069
ubuntu.com/usn/usn-921-1
www.mandriva.com/security/advisories?name=MDVSA-2010:070
www.mozilla.org/security/announce/2010/mfsa2010-24.html
www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4
www.redhat.com/security/updates/classification/#critical
www.redhat.com/support/errata/RHSA-2010-0500.html
www.redhat.com/support/errata/RHSA-2010-0501.html
www.securityfocus.com/bid/39479
www.vupen.com/english/advisories/2010/0748
www.vupen.com/english/advisories/2010/0849
www.vupen.com/english/advisories/2010/1557
access.redhat.com/errata/RHSA-2010:0501
bugzilla.mozilla.org/show_bug.cgi?id=490790
exchange.xforce.ibmcloud.com/vulnerabilities/57396
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375