ChristopherPrice.net

WordPress 2.6.2 Bug: TinyMCE Allows Injection of Phantom Save Tags

Long story short, a bug has surfaced in WordPress 2.6.2. It allows for the injection of the following code (or stuff similar to it):

<p><span style="padding: 1px 4px; position: absolute; z-index: 10000; cursor: pointer; left: 395px; top: 745px; color: #000000;">save</span></p>

The above string does not appear in HTML view. The only options I can come up with to fix it are to switch to the plain text editor, or to remove it from the SQL tables.
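Since the span is invisible in the editor's HTML view, the practical way to find every affected post is to scan the stored post content directly. The following is an added example (not code from the post or from WordPress) that detects the phantom "save" span in post HTML and strips it, leaving real inline-styled spans alone; the sample posts are constructed, and the wp_posts.post_content column is assumed to be where the rows come from (default table prefix).

```python
import re

# Matches the phantom span TinyMCE injects: an absolutely positioned <span>
# whose only text is "save". Pixel offsets, z-index and cursor values vary
# between occurrences, so key on position:absolute plus the text rather than
# on the exact string seen on the page.
PHANTOM_SAVE_RE = re.compile(
    r'<span\s+style=["\'](?=[^"\']*position:\s*absolute)[^"\']*["\']\s*>'
    r'\s*save\s*</span>',
    re.IGNORECASE,
)
# The span is normally wrapped in an otherwise empty paragraph; drop that too.
EMPTY_P_RE = re.compile(r'<p>\s*</p>', re.IGNORECASE)


def find_phantom_save_tags(post_content):
    """Return every phantom save span found in one post's HTML."""
    return PHANTOM_SAVE_RE.findall(post_content)


def strip_phantom_save_tags(post_content):
    """Return the content with phantom spans and the empty <p> they leave behind removed."""
    cleaned = PHANTOM_SAVE_RE.sub('', post_content)
    return EMPTY_P_RE.sub('', cleaned)


def scan_posts(posts):
    """Map post id -> number of phantom spans, for posts containing at least one."""
    counts = {pid: len(find_phantom_save_tags(html)) for pid, html in posts.items()}
    return {pid: n for pid, n in counts.items() if n}


# Constructed sample rows standing in for wp_posts.post_content (assumption:
# default table prefix). Post 102 has a legitimate styled span and must survive.
SAMPLE_POSTS = {
    101: '<p>Live from CTIA: new handsets announced.</p>'
         '<p><span style="padding: 1px 4px; position: absolute; z-index: 10000; '
         'cursor: pointer; left: 395px; top: 745px; color: #000000;">save</span></p>',
    102: '<p>A normal post with a <span style="color: #ff0000;">red</span> word.</p>',
    103: '<p><span style="position: absolute; z-index: 10000; left: 12px; top: 40px;">'
         'save</span></p><p>Second affected post.</p>',
}

if __name__ == '__main__':
    for pid, count in scan_posts(SAMPLE_POSTS).items():
        print(f'post {pid}: {count} phantom save tag(s)')
        print('  cleaned:', strip_phantom_save_tags(SAMPLE_POSTS[pid]))
```

Run the scan first and review the hits before writing anything back; the cleaned HTML is what would be written to each affected row.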

And yeah, this happened during CTIA; quite embarrassing to have four of those hanging around on PhoneNews.com's front page. Here's what it looked like:

I don't normally post on the WordPress Codex, but I'll schedule posting it over there if nobody else does in the next couple of days. This appears to affect Firefox 3 mostly; I'm telling my staff to switch to Safari or Chrome until the next update (or until we get a patch).
