Manfred Paul discovered a flaw in the Mozilla Firefox web browser, allowing an attacker to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.
https://security-tracker.debian.org/tracker/DSA-5645-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-5645-1
Continue reading...