Fix a number of security bugs. (I can't see the numbers at home because

they have restricted visibility.)
r=mstoltz


git-svn-id: svn://10.0.0.236/trunk@63404 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/docshell/base/nsWebShell.cpp

@@ -1245,8 +1245,8 @@ nsWebShell::DoLoadURL(nsIURI * aUri,
   }
 
   // Fix for bug 1646.  Change the notion of current url and referrer only after
-  // the document load succeeds.
-  if (NS_SUCCEEDED(rv)) {
+  // the document load succeeds (but only if we're not targeting another window).
+  if (NS_SUCCEEDED(rv) && !aWindowTarget) {
     SetCurrentURI(aUri);
     SetReferrer(aReferrer);
   }