Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. The Location object is supported by all major browsers and contains information about the URL being requested. The true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. Another issue centers on the CheckURL function, which could be used during an XSS attack or to execute malicious code.
Source: https://thehackernews.com/2012/10/firefox-1602-available-cross-site.html