Comment 1 for bug 265656

I believe this report is out of date. All known cross-site
scripting attacks have been fixed as of MM2.0.10 and I don't
believe MM2.1b2 is vulnerable. I double checked the code in
each version and indeed both versions make sure to quote any
html in subjects.

Can you please double check the latest versions (2.0.10 and
2.1cvs).