"The SeaMonkey project has updated the SeaMonkey Internet suite to patch three security vulnerabilities including one that could allow a cross site scripting attack by exploiting a jar:// protocol weakness..."
ftp://ftp.mozilla.org/pub/seamonkey/releases/1.1.7/
Full story »