There's a vulnerability in all current versions of Mozilla Firefox that allows a web page to launch a new window with an arbitrary website in the address bar. For more details see here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1206 Specifically, the first reference of the CVE for an example: http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html I tested and it works on 3.6.4; someone could backport the patch or bump the Firefox version, I guess.
The issue is not fixed yet in a released version. As per your second link, Mozilla targets it for 3.6.7. The low severity of this issue does not warrant a backport + stable unless the Mozilla team thinks otherwise.
This has been fixed in SeaMonkey 2.0.6 + Firefox 3.6.7; older versions are not in-tree anymore. Nothing else for the Mozilla team to do here. http://www.mozilla.org/security/announce/2010/mfsa2010-45.html
GLSA Vote: yes.
Vote: YES. Added to pending GLSA request.
CVE-2010-1206 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206): The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).