Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3422 to the following vulnerability: Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). References: https://bugzilla.novell.com/show_bug.cgi?id=413534 http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html Upstream commits (according to SuSE BZ): mono-1-9 r109358, mono-2-0 r109348 and trunk r109349 http://anonsvn.mono-project.com/viewcvs?rev=109358&view=rev
This looks to be fixed in the 2.0 RC 1 and 2.0 preview 1 candidate.
What about F8 / F9?
Current mono in Fedora is 2.6.4 or newer. No need to keep this open.