Mozilla security developer Daniel Veditz discovered that
<iframe sandbox>
restrictions are not applied to an
<object>
element contained within a sandboxed iframe. This
could allow content hosted within a sandboxed iframe to use
<object>
element to bypass the sandbox restrictions that
should be applied.