It is possible for a Bugzilla user to take advantage of character set encoding ambiguities to inject HTML into Bugzilla comments. This could include malicious scripts. Due to internationalization concerns, we are unable to incorporate by default the code changes suggested by the CERT advisory on this issue. Making the change in Example 4-4 will prevent this problem.