Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.

在Firefox 1.0之前，用户可以将(1)javascript：或(2)data:URL作为Livefeed书签，然后将其存储在当前加载页面的安全上下文中，当您稍后访问该书签时，它会被执行。这可能导致远程攻击者执行任意代码。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）