From CVE-2010-1201:
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
From the Red Hat Bugzilla entry for CVE-2010-0183:
Security researcher wushi of team509 reported that the frame construction
process for certain types of menus could result in a menu containing a
pointer to a previously freed menu item. During the cycle collection
process this freed item could be accessed, resulting in the execution of a
section of code potentially controlled by an attacker.
From the Red Hat Bugzilla entry for CVE-2008-5913:
An unspecified function in the JavaScript implementation in Mozilla
Firefox creates and exposes a "temporary footprint" when there is a
current login to a web site, which makes it easier for remote
attackers to trick a user into acting upon a spoofed pop-up message,
aka an "in-session phishing attack."