|Mozilla Firefox 184.108.40.206, and other versions before 220.127.116.11, allows
remote attackers to bypass cross-site scripting (XSS) protection
mechanisms and conduct XSS attacks via HTML-escaped low surrogate
characters that are ignored by the HTML parser, as demonstrated by a
"jav�ascript" sequence, aka "HTML escaped low surrogates bug."