+++ This bug was initially created as a clone of Bug #183537 +++ There exists a remotely exploitable code execution vulnerability in Mozilla Firefox related to the order tags appear in an HTML document. It is possible for a malicious web page to execute arbitrary code as the user running Firefox. Proposed upstream patch is attachment 125496 [details]
Lifting embargo
This doesn't appear to ever have been fixed. Remotely-exploitable vulnerability, too. :(
Hmmm, okay, looks like this issue is fixed in 1.0.8, and there *was* an update to that, and apparently before the embargo was lifted (hence the lack of specific mention in its changelog). The bugzilla entry just needed some lovin'. Marking closed-errata.