• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-57

Mozilla Foundation Security Advisory 2013-57

Title: Sandbox restrictions not applied to nested frame elements
Impact: Low
Announced: June 25, 2013
Reporter: Bob Owen
Products: Firefox, Seamonkey

Fixed in: Firefox 22.0
  SeaMonkey 2.19

Description

Mozilla community member Bob Owen reported that <iframe sandbox> restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.

References

• Frame DocShells do not inherit sandbox flags from their parents (CVE-2013-1695)