Mozilla security developer Daniel Veditz discovered that lt;iframe sandboxgt; restrictions are not applied to an lt;objectgt; element contained within a sand boxed iframe. This could allow content hosted within a sand boxed iframe to use lt;objectgt; element to bypass the sandbox restrictions that should be applied.