Mozilla Foundation Security Advisory 2015-140

Cross-origin information leak through web workers error events

Announced
December 15, 2015
Reporter
Masato Kinugawa
Impact
High
Products
Firefox
Fixed in
  • Firefox 43

Description

Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites.

This issue affects other browsers as well and is not limited to Mozilla products.

References