Arbitrary code execution within Profiler

2013-06-25T00:00:00
ID MFSA2013-52
Type mozilla
Reporter Mozilla Foundation
Modified 2013-06-25T00:00:00

Description

Security researcher Mariusz Mlynski reported that when a user examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe that parses data from the profiler to render the UI, leaving it susceptible to manipulation.