Comcast Webmail AT+T Message Center version 1 had a flaw that allowed arbitrary code execution client-side due to the allowance of inbound HTML mail to be executed outside of the restricted zone.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/33849/comcastWebmail.txt
Source: https://packetstormsecurity.com/files/33849/comcastWebmail.txt.html