Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering.
Name: the Mozilla project
Upstream: Rakesh Mane
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):