Mozilla Foundation Security Advisory 2008-43
Fixed in:
* Firefox 3.0.2
* Firefox 22.214.171.124
* Thunderbird 126.96.36.199
* SeaMonkey 1.1.12

Description
Security researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and carry out an XSS attack. This issue only affected Firefox 2.
* Stripped BOM characters (CVE-2008-4065)
* HTML escaped low surrogates bug (CVE-2008-4066)
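
One way a server-side filter can avoid depending on how a particular parser treats escaped surrogates, shown as an added example that is not part of the advisory or of Mozilla's fix: replace every numeric character reference to a surrogate code point (U+D800 to U+DFFF), and every raw unpaired surrogate, with U+FFFD before any filtering runs. The function name and the sample strings are constructed for illustration.

```python
import re

# Numeric character references, decimal (&#56320;) or hex (&#xDC00;).
# The trailing semicolon is optional because HTML parsers tolerate its absence.
_NUMERIC_REF = re.compile(r"&#(?:[xX]([0-9A-Fa-f]+)|([0-9]+));?")
# Raw surrogate code points; inside a Python str they are always unpaired.
_RAW_SURROGATE = re.compile(r"[\ud800-\udfff]")
REPLACEMENT = "\ufffd"  # U+FFFD REPLACEMENT CHARACTER


def neutralize_surrogates(markup):
    """Return (cleaned_markup, findings) for untrusted markup.

    Escaped and raw surrogates become U+FFFD, so the filter and every
    browser see the same characters whether or not a parser would have
    dropped them. Other references (&#x41;, &amp;, ...) are left as written.
    """
    findings = []

    def fix_ref(match):
        hex_digits, dec_digits = match.groups()
        code_point = int(hex_digits, 16) if hex_digits else int(dec_digits)
        if 0xD800 <= code_point <= 0xDFFF:
            findings.append(match.group(0))
            return REPLACEMENT
        return match.group(0)  # ordinary reference, keep unchanged

    def fix_raw(match):
        findings.append("U+%04X" % ord(match.group(0)))
        return REPLACEMENT

    cleaned = _NUMERIC_REF.sub(fix_ref, markup)
    cleaned = _RAW_SURROGATE.sub(fix_raw, cleaned)
    return cleaned, findings


if __name__ == "__main__":
    # Constructed sample inputs: hex form, decimal form without a
    # semicolon, a raw unpaired surrogate, and harmless references.
    samples = ["ab&#xDC00;cd", "ab&#56320cd", "x\udc00y", "&#x41; &amp; &#x1F600;"]
    for sample in samples:
        cleaned, findings = neutralize_surrogates(sample)
        print(ascii(sample), "->", ascii(cleaned), findings)
```

A non-empty findings list is also worth logging, since legitimate content has no reason to contain an escaped surrogate.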