Bug 316394 covered both CSS escapes and HTML numeric entities.
This has now been posted to a higher-profile site (Microsoft): http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx
The branch merge for bug 316394 fixes this testcase.
Fixed by backporting bug 316394. I checked in an HTML test for this. We can use bug 316394 to track the xpcom unit tests needed here.
Verified FIXED using: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/2008082909 Firefox/18.104.22.168, which yields http://www.moz�illa.com/. Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:22.214.171.124) Gecko/2008070205 Firefox/126.96.36.199, however, has http://www.mozilla.com. Replacing fixed188.8.131.52 keyword with verified184.108.40.206; additionally, since this bug seems scoped to the 1.8 branch, marking its state as VERIFIED FIXED.