|Mozilla Firefox 22.214.171.124, and other versions before 126.96.36.199, allows
remote attackers to bypass cross-site scripting (XSS) protection
mechanisms and conduct XSS attacks via HTML-escaped low surrogate
characters that are ignored by the HTML parser, as demonstrated by a
"jav�ascript" sequence, aka "HTML escaped low surrogates bug."