Mozilla developer Mark Hammond reported a flaw in how
WebChannel.jsm
handles message traffic. He found that
when a trusted page is hosted within an <iframe>
on an
untrusted third-party untrusted framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing origin restrictions.