Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Script entered into Developer Toolbar runs with chrome privileges

Related Vulnerabilities: CVE-2012-5837  

Source

Mozilla Foundation Security Advisory 2012-102

Script entered into Developer Toolbar runs with chrome privileges

Announced
November 20, 2012
Reporter
Masato Kinugawa
Impact
High
Products
Firefox
Fixed in
  • Firefox 17

Description

Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started