Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
Exploitability
AV:NAC:MAu:NImpact
C:PI:PA:P6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P