There's a vulnerability in all current versions of Mozilla Firefox that allows a web page to launch a new window with an arbitrary website in the address bar.
For more details see here:
Specifically, the first reference of the CVE for an example:
I tested and it works on 3.6.4; someone could backport the patch or bump the Firefox version, I guess.
The issue is not fixed yet in a released version. As per your second link, Mozilla targets it for 3.6.7. The low severity of this issue does not warrant a backport + stable unless the Mozilla team thinks otherwise.
This has been fixed in SeaMonkey 2.0.6 + Firefox 3.6.7; older versions are not in-tree anymore. Nothing else for the Mozilla team to do here.
GLSA Vote: yes.
Vote: YES. Added to pending GLSA request.
The startDocumentLoad function in browser/base/content/browser.js in Mozilla
Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before
2.0.6, does not properly implement the Same Origin Policy in certain
circumstances related to the about:blank document and a document that is
currently loading, which allows (1) remote web servers to conduct spoofing
attacks via vectors involving a 204 (aka No Content) status code, and allows
(2) remote attackers to conduct spoofing attacks via vectors involving a
This issue was resolved and addressed in
GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).