Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
https://bugzilla.mozilla.org/show_bug.cgi?id=579744
http://secunia.com/advisories/42867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11735
http://support.avaya.com/css/P8/documents/100110210
http://support.avaya.com/css/P8/documents/100112690
http://www.debian.org/security/2010/dsa-2106
http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
http://www.mozilla.org/security/announce/2010/mfsa2010-61.html