Mozilla Foundation Security Advisory 2015-140
Cross-origin information leak through web workers error events
- December 15, 2015
- Masato Kinugawa
- Fixed in
- Firefox 43
Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites.
This issue affects other browsers as well and is not limited to Mozilla products.