|Mozilla Firefox 220.127.116.11, and other versions before 18.104.22.168, allows
remote attackers to bypass cross-site scripting (XSS) protection
mechanisms and conduct XSS attacks via HTML-escaped low surrogate
characters that are ignored by the HTML parser, as demonstrated by a
"jav�ascript" sequence, aka "HTML escaped low surrogates bug."