Security researcher Mario Heiderich reported that javascript could be executed in the HTML feed-view using <embed> tag within the RSS <description>. This problem is due to <embed> tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class and could affect other parts of the browser or add-ons which rely on that class to sanitize untrusted input. Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-47.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Mario Heiderich as the original reporter of this issue.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:1089 https://rhn.redhat.com/errata/RHSA-2012-1089.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:1088 https://rhn.redhat.com/errata/RHSA-2012-1088.html