You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-57

Mozilla Foundation Security Advisory 2013-57

Title: Sandbox restrictions not applied to nested frame elements
Impact: Low
Announced: June 25, 2013
Reporter: Bob Owen
Products: Firefox, Seamonkey

Fixed in: Firefox 22.0
  SeaMonkey 2.19

Description

Mozilla community member Bob Owen reported that <iframe sandbox> restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.

References