Web console eval capable of executing chrome-privileged code

Related Vulnerabilities: CVE-2012-3980  

Mozilla Foundation Security Advisory 2012-72

Announced: August 28, 2012
Reporter: Colby Russell
Impact: High
Products: Firefox, Firefox ESR, Thunderbird, Thunderbird ESR
Fixed in:
  • Firefox 15
  • Firefox ESR 10.0.7
  • Thunderbird 15
  • Thunderbird ESR 10.0.7

Description

Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, so that malicious code runs in a privileged context. A malicious web page can use this to achieve arbitrary code execution if the user invokes the web console.
