Arbitrary Code Execution via Bookmarklets in Mozilla Firefox New Tab Page
CVE-2012-4203 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
Learn more about our Cis Benchmark Audit For Mozilla Firefox.