Arbitrary JavaScript Code Execution via Web Console in Mozilla Firefox and Thunderbird

Arbitrary JavaScript Code Execution via Web Console in Mozilla Firefox and Thunderbird

CVE-2012-3980 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.

Learn more about our Cis Benchmark Audit For Google Chrome.