CVE 2011-2369
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
See the 
CVE page on Mitre.org
for more details.
