As reported in the Spread Firefox forums, there appears to be a filtering vulnerability when certain escaped characters are used to write out a script command launched from an href="javascript" link:

Demos

This script will launch 5 popup windows.

Another Example.

Comments

Steven’s picture

Steven CreditAttribution: Steven commented

Fixed in CVS for head, 4.5 and 4.4.

Anonymous’s picture

(not verified) CreditAttribution: commented