Mozilla Foundation Security Advisory 2013-52

Arbitrary code execution within Profiler

Announced

June 25, 2013

Reporter

Mariusz Mlynski

Impact

High

Products

Firefox

Fixed in

Firefox 22

Description

Security researcher Mariusz Mlynski reported that when a user examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe that parses data from the profiler to render the UI, leaving it susceptible to manipulation.

References

Arbitrary code execution from Profiler (CVE-2013-1688)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2013-52

Arbitrary code execution within Profiler

Description

References