Red Hat Bugzilla – Bug 463243
Last modified: 2010-03-22 15:35:29 EDT
From MFSA 2008-43:
Security researcher Gareth Heyes reported an issue with the HTML parser in
which the parser ignored certain low surrogate characters if they were
HTML-escaped. This issue could potentially be used to bypass naive script
filtering and used in an XSS attack. This issue only affected Firefox 2.
This is now public
thunderbird-220.127.116.11-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-18.104.22.168-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.