|Mozilla Firefox 188.8.131.52, and other versions before 184.108.40.206, allows
remote attackers to bypass cross-site scripting (XSS) protection
mechanisms and conduct XSS attacks via HTML-escaped low surrogate
characters that are ignored by the HTML parser, as demonstrated by a
"jav�ascript" sequence, aka "HTML escaped low surrogates bug."