You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-52
Mozilla Foundation Security Advisory 2013-52
Title: Arbitrary code execution within
Profiler
Impact: High
Announced: June 25, 2013
Reporter: Mariusz Mlynski
Products: Firefox
Fixed in: Firefox 22.0
Description
Security researcher Mariusz Mlynski reported that when a
user examines the profiler output on a malicious website containing specially
crafted code, it is possible for arbitrary code execution to occur. This occurs
because the profiler user interface runs in a special iframe that
parses data from the profiler to render the UI, leaving it susceptible to
manipulation.
