Mozilla Foundation Security Advisory 2014-09
Title: Cross-origin information leak through web
Announced: February 4, 2014
Reporter: Masato Kinugawa
Products: Firefox, Thunderbird, Seamonkey
Fixed in: Firefox 27
Firefox ESR 24.3
Security researcher Masato Kinugawa reported a cross-origin information leak through web workers' error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.