So what? Browsers set the Referer header themselves, so a malicious website cannot simply forge an arbitrary value for it. However, with the help of the Apache mod_rewrite module an attacker can serve a page from a URL that itself contains the malicious string, and the browser will then send that URL, payload included, as the Referer when the victim page is requested from it.
The process for exploitation is as follows:
Note that this is far harder to exploit in Firefox, because of the way it encodes URLs: it is very difficult to inject anything other than a style tag, and, as mentioned in my previous post, Firefox does not yet support loading XBL documents without a fragment identifier.
To protect against this type of injection, treat HTTP headers exactly like any other input: never echo the Referer (or any other header) into the page without validating it and HTML-encoding it for the context in which it is output. ANY value that reaches the page directly from the request must be filtered... even headers the browser is supposed to control.