Mozilla’s Cross Reference sub-domains suffer from a cross-site scripting (XSS) vulnerability. The vulnerability has been submitted in Mozillas Bugzilla bug tracker on Sunday and has not yet received a fix. A Proof-of-Concept video validates the existence of an XSS flaw in Mozilla’s subdomains has also been published. Even if the exploitability of the flaw is very low, if one attacker exploits it, he may cause great damage as the content of the two sub-DOMains varies from source codes to extensions and toolbars.”]