Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2013-73

Same-origin bypass with web workers and XMLHttpRequest

Announced
August 6, 2013
Reporter
Federico Lanusse
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 23
  • Firefox ESR 17.0.8
  • SeaMonkey 2.20
  • Thunderbird 17.0.8
  • Thunderbird ESR 17.0.8

Description

Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers.

In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.

References