Index: /CKEditor/branches/versions/3.6.x/CHANGES.html
===================================================================
--- /CKEditor/branches/versions/3.6.x/CHANGES.html	(revision 7706)
+++ /CKEditor/branches/versions/3.6.x/CHANGES.html	(revision 7707)
@@ -35,4 +35,11 @@
 		CKEditor Changelog
 	</h1>
+	<h3>
+			CKEditor 3.6.6.2</h3>
+	<p>
+			Fixed issues:</p>
+	<ul>
+		<li>Security update: Fixed XSS vulnerability in the Preview plugin reported by Mario Heiderich of <a href="https://cure53.de/" rel="noreferrer">Cure53</a>.</li>
+	</ul>
 	<h3>
 			CKEditor 3.6.6.1</h3>
Index: /CKEditor/branches/versions/3.6.x/_source/plugins/preview/preview.html
===================================================================
--- /CKEditor/branches/versions/3.6.x/_source/plugins/preview/preview.html	(revision 7706)
+++ /CKEditor/branches/versions/3.6.x/_source/plugins/preview/preview.html	(revision 7707)
@@ -1,10 +1,13 @@
-<script>
+﻿<script>
 
-var doc = document;
-doc.open();
-doc.write( window.opener._cke_htmlToLoad );
-doc.close();
+// Prevent from DOM clobbering.
+if ( typeof window.opener._cke_htmlToLoad == 'string' ) {
+	var doc = document;
+	doc.open();
+	doc.write( window.opener._cke_htmlToLoad );
+	doc.close();
 
-delete window.opener._cke_htmlToLoad;
+	delete window.opener._cke_htmlToLoad;
+}
 
 </script>
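Review bot: The new `if` still dereferences `window.opener` unconditionally, so loading preview.html with no opener throws a TypeError rather than doing nothing; `if ( window.opener && typeof window.opener._cke_htmlToLoad == 'string' ) {` would cover that case. The comment `// Prevent from DOM clobbering.` is too terse for a security fix, and I would spell out the reason: `// Write only a real string: a named element in the opener document can be returned for _cke_htmlToLoad when the editor has not set it (DOM clobbering).` The added `<script>` line also appears to gain a byte-order mark (U+FEFF) before the tag, which looks unintended and is worth dropping from the commit.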
