• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-102

Mozilla Foundation Security Advisory 2012-102

Title: Script entered into Developer Toolbar runs with chrome privileges
Impact: High
Announced: November 20, 2012
Reporter: Masato Kinugawa
Products: Firefox

Fixed in: Firefox 17.0

Description

Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar.

References

• XSS in Web Developer Toolbar's chrome privilege page
• CVE-2012-5837