Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system. According to the report the cause of the problem is due to the application using invalidated input in a call to eval() which can be exploited to execute arbitrary JavaScript code.
Once exploited, the JavaScript runs with system privileges that allow it to access system resources. For an attack to be successful, a victim must first visit a specially crafted web page and be tricked into using certain Toolbar buttons.

The link for this article located at H Security is no longer available.