Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page and leading to information disclosure.
Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page and leading to information disclosure.
https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7787 https://bugzilla.mozilla.org/show_bug.cgi?id=1322896