"Mozilla Corp. will delay the next security update for Firefox
so it can test a fix for a flaw that could be used by attackers by
skirt security restrictions.
"The flaw, disclosed Feb. 14 by Polish researcher Michal
Zalewski on the Full-Disclosure security mailing list, could let a
malicious site manipulate the authentication cookies for other
sites' pages. It is present in the most recent version of the
open-source browser, 22.214.171.124..."