My apologies, I wasn't sure if this was a legitimate security threat or bug. Older mozilla-nss libraries and static browser builds don't flag this yet so I'll report it to the webmaster.