CVE-2013-1696
Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.
Date published : 2013-06-25
http://www.mozilla.org/security/announce/2013/mfsa2013-58.html