Mozilla Firefox prior to 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets
mozilla firefox