Mozilla Products: IFRAME sandbox same-origin access through redirect - MFSA 2014-66 (Mac OS X)ID: oval:org.secpod.oval:def:20623 | Date: (C)2014-07-28 (M)2023-12-07 |
Class: PATCH | Family: macos |
Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an iframe sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Product: |
Mozilla Firefox |
Mozilla Thunderbird |