Mozilla Foundation Security Advisory 2015-56
Untrusted site hosting trusted page can intercept webchannel responses
- Announced
- May 12, 2015
- Reporter
- Mark Hammond
- Impact
- High
- Products
- Firefox, Firefox OS, SeaMonkey
- Fixed in
-
- Firefox 38
- Firefox OS 2.2
- SeaMonkey 2.35
Description
Mozilla developer Mark Hammond reported a flaw in how
WebChannel.jsm
handles message traffic. He found that
when a trusted page is hosted within an <iframe>
on an
untrusted third-party untrusted framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing origin restrictions.