MFSA 2009-22: Firefox allows Refresh header to redirect to
javascript: URIs
MFSA 2009-21: POST data sent to wrong site when saving web page
with embedded frame
MFSA 2009-20: Malicious search plugins can inject code into
arbitrary sites
MFSA 2009-19: Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString
MFSA 2009-18: XSS hazard using third-party stylesheets and XBL
bindings
MFSA 2009-17: Same-origin violations when Adobe Flash loaded via
view-source: scheme
MFSA 2009-16: jar: scheme ignores the content-disposition: header
on the inner URI
MFSA 2009-15: URL spoofing with box drawing character
MFSA 2009-14 Crashes with evidence of memory corruption
(rv:1.9.0.9)