CVE-2008-0416 describes cross site scripting (XSS) bugs in the Mozilla products. It is possible that these flaws could be used by malicious web content to steal information or trick a user into disclosing private data.
Keep this embargoed until upstream makes it public.
Lifting embargo, this issue is public: http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0104.html http://rhn.redhat.com/errata/RHSA-2008-0103.html