Mozilla Foundation Security Advisory 2014-13
access to Window objects
Announced: February 4, 2014
Reporter: Boris Zbarsky
Products: Firefox, Thunderbird, Seamonkey
Fixed in: Firefox 27
Firefox ESR 24.3
Mozilla developer Boris Zbarsky reported an inconsistency
window objects are handled by these engines. This inconsistency can
security issue with window handling by bypassing of some security checks.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.