POSTing the string: foobar" onclick="alert(123); in the username field results in the following HTML in the response: <input name="name" id="nameid" tabindex="2" value="foobar" onclick="alert(123);" type="text"> Recommend using htmlentities to encode quotes, brackets, etc. in the output.
On the registration page: http://devmo.dekiwiki.mozilla.org/index.php?title=Special:Userlogin&register=true the email parameter is also vulnerable. Sample attack string: email@example.com" onclick="alert(123);
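Added illustration of the reported behaviour and the recommended fix (example code written for this note, not DekiWiki's own form-rendering code; the function names and the markup template are assumptions, the attack string is the one from the report above). The vulnerable renderer concatenates the POSTed value straight into the value attribute, so the embedded double quote closes the attribute and the remainder becomes an onclick attribute, exactly as in the response quoted above. The hardened renderer passes the value through htmlentities with ENT_QUOTES, which encodes both " and ' so the value cannot break out of a double- or single-quoted attribute; the charset is given explicitly so the result does not depend on the server's default. The same encoding applies to the email field.

```php
<?php
// Example written for this report, not DekiWiki project code.
// Renders the registration form's "name" input from untrusted POST data,
// first as the report describes (value inserted verbatim), then encoded.

// Attack string from the report (constructed test input).
$attack = 'foobar" onclick="alert(123);';

// Vulnerable (hypothetical helper): the raw value is concatenated into
// the attribute, so the embedded " closes value="..." and the rest of
// the string becomes a new onclick attribute.
function render_name_input_vulnerable(string $name): string
{
    return '<input name="name" id="nameid" tabindex="2" value="'
        . $name . '" type="text">';
}

// Hardened (hypothetical helper): encode for the HTML attribute context.
// ENT_QUOTES encodes both " and ' (the default flags on old PHP releases
// left ' alone, which still allows escape from single-quoted attributes);
// the explicit charset avoids relying on the default encoding.
function render_name_input_safe(string $name): string
{
    $encoded = htmlentities($name, ENT_QUOTES, 'UTF-8');
    return '<input name="name" id="nameid" tabindex="2" value="'
        . $encoded . '" type="text">';
}

// Check for the report's symptom: an on* event-handler attribute
// appearing after the value attribute, i.e. the value escaped its quotes.
function contains_attribute_injection(string $html): bool
{
    return preg_match('/value="[^"]*"\s+on\w+\s*=/i', $html) === 1;
}

$vuln = render_name_input_vulnerable($attack);
$safe = render_name_input_safe($attack);

echo "vulnerable: ", $vuln, "\n";
echo "encoded:    ", $safe, "\n";
echo "injection in vulnerable output: ",
    contains_attribute_injection($vuln) ? "yes" : "no", "\n";
echo "injection in encoded output:    ",
    contains_attribute_injection($safe) ? "yes" : "no", "\n";
```

Run with php on the command line. In the encoded output the quotes in the value appear as &quot;, so the browser treats the whole string as the field's value and no onclick attribute is created; the regex check only flags the vulnerable rendering. The check is a crude symptom detector for this one pattern, not a general XSS test.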
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.