Zero Day Initiative Advisory 10-019 – This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials not originating from the attacking site.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86500/ZDI-10-019.txt
Source: https://packetstormsecurity.com/files/86500/Zero-Day-Initiative-Advisory-10-019.html