Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2014-82

Accessing cross-origin objects via the Alarms API

Announced
October 14, 2014
Reporter
Boris Zbarsky
Impact
High
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 33
  • Firefox ESR 31.2

Description

Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy.

Users are only at risk for this issue if a web app has been installed.

References