Mozilla Foundation Security Advisory 2012-104
Title: CSS and HTML injection through Style Inspector
Announced: November 20, 2012
Reporter: Mariusz Mlynski
Fixed in: Firefox 17.0, Firefox ESR 10.0.11
Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome-privileged context without being properly sanitized first. This can lead to arbitrary code execution.