Security researcher Masato Kinugawa found that during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that these errors fall in the right place to affect the structure of the page, allowing for cross-site script (XSS) injection. Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:0516 https://rhn.redhat.com/errata/RHSA-2012-0516.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:0515 https://rhn.redhat.com/errata/RHSA-2012-0515.html