Security researcher O. Andersen reported that undefined positions within
various 8 bit character encodings are mapped to the sequence U+FFFD which
when displayed causes the immediately following character to disappear from
the text run. This could potentially contribute to XSS problems on sites
which expected extra characters to be present within strings being
sanitized on the server.
This is now public: http://www.mozilla.org/security/announce/2010/mfsa2010-44.html
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0547 https://rhn.redhat.com/errata/RHSA-2010-0547.html
xulrunner-126.96.36.199-1.fc13, firefox-3.6.7-1.fc13, mozvoikko-1.0-12.fc13, gnome-web-photo-0.9-10.fc13, perl-Gtk2-MozEmbed-0.08-6.fc13.15, gnome-python2-extras-2.25.3-20.fc13, galeon-2.0.7-30.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
thunderbird-3.1.1-1.fc13, sunbird-1.0-0.26.b2pre.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.