NISCC testing of implementations of the S/MIME protocol uncovered a number of bugs in NSS versions prior to 3.9. The parsing of unexpected ASN.1 constructs within S/MIME data could cause Mozilla to crash or consume large amounts of memory. A remote attacker could potentially trigger these bugs by sending a carefully-crafted S/MIME message to a victim. Andreas Sandblad discovered a cross-site scripting issue that affects various versions of Mozilla. When linking to a new page it is still possible to interact with the old page before the new page has been successfully loaded. Any Javascript events will be invoked in the context of the new page, making cross-site scripting possible if the different pages belong to different domains. CAN-2003-0564/2004-0191 Affects: FC1 to match http://rhn.redhat.com/errata/RHSA-2004-110.html
Hmmm... still not fixed in FC1?
FC1 was transferred to the Fedora Legacy project. This issue is fixed in FC2 and FC3.