Mozilla Foundation Security Advisory 2013-107

Sandbox restrictions not applied to nested object elements

Announced
December 10, 2013
Reporter
Daniel Veditz
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 26
  • SeaMonkey 2.23

Description

Mozilla security developer Daniel Veditz discovered that <iframe sandbox> restrictions are not applied to an <object> element contained within a sandboxed iframe. This could allow content hosted within a sandboxed iframe to use <object> element to bypass the sandbox restrictions that should be applied.

References