Arbitrary Code Execution via Bookmarklets in Mozilla Firefox New Tab Page

Arbitrary Code Execution via Bookmarklets in Mozilla Firefox New Tab Page

CVE-2012-4203 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.