Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2015-108

Scripted proxies can access inner window

Announced
September 22, 2015
Reporter
André Bargull
Impact
Moderate
Products
Firefox, Firefox OS, SeaMonkey
Fixed in
  • Firefox 41
  • Firefox OS 2.5
  • SeaMonkey 2.38

Description

Security researcher André Bargull reported that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window in violation of the specification.

References