Manfred Paul discovered a flaw in the Mozilla Firefox web browser,
allowing an attacker to inject an event handler into a privileged object
that would allow arbitrary JavaScript execution in the parent process.

https://security-tracker.debian.org/tracker/DSA-5645-1

Read More