Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
secunia.com/advisories/42716
secunia.com/advisories/42818
support.avaya.com/css/P8/documents/100124650
www.debian.org/security/2010/dsa-2132
www.mandriva.com/security/advisories?name=MDVSA-2010:251
www.mozilla.org/security/announce/2010/mfsa2010-84.html
www.redhat.com/support/errata/RHSA-2010-0966.html
www.securityfocus.com/bid/45353
www.securitytracker.com/id?1024851
www.ubuntu.com/usn/USN-1019-1
www.vupen.com/english/advisories/2011/0030
bugzilla.mozilla.org/show_bug.cgi?id=601429
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348