Mozilla

Mozilla Foundation Security Advisory 2013-57

Sandbox restrictions not applied to nested frame elements

Announced
June 25, 2013
Reporter
Bob Owen
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 22
  • SeaMonkey 2.19

Description

Mozilla community member Bob Owen reported that <iframe sandbox> restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.

References