The host is missing an important security update according to Mozilla advisory, MFSA2015-78. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving crafted JavaScript code and a native setter. Successful exploitation could allow attackers to bypass the Same Origin Policy, and read arbitrary files or gai ...