A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's <code>TITLE</code> element. This vulnerability allows for spoofing but no scripted content can be run. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5453 Acknowledgements: Name: the Mozilla project Upstream: Jose María Acuña