Security researcher Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. This allows for arbitrary code execution through a malicious web page if the web console is invoked by the user.

Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-72.html

Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Colby Russell as the original reporter.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:1211 https://rhn.redhat.com/errata/RHSA-2012-1211.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2012:1210 https://rhn.redhat.com/errata/RHSA-2012-1210.html