CVE-2012-3980: Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72)

Severity: Critical

CVSS Score: 9.3

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.