|Mozilla Firefox before 126.96.36.199 does not prevent use of document.write
to replace an IFRAME (1) during the load stage or (2) in the case of
an about:blank frame, which allows remote attackers to display
code that intercepts keystroke values from window.event, aka the
"promiscuous IFRAME access bug," a related issue to CVE-2006-4568.