Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-2718

Source

Mozilla Foundation Security Advisory 2015-56

Untrusted site hosting trusted page can intercept webchannel responses

Announced

May 12, 2015

Reporter

Mark Hammond

Impact

High

Products

Firefox, Firefox OS, SeaMonkey

Fixed in

Firefox 38
Firefox OS 2.2
SeaMonkey 2.35

Description

Mozilla developer Mark Hammond reported a flaw in how WebChannel.jsm handles message traffic. He found that when a trusted page is hosted within an <iframe> on an untrusted third-party untrusted framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing origin restrictions.

References

Untrusted page can see webchannel responses (CVE-2015-2718)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Untrusted site hosting trusted page can intercept webchannel responses

Untrusted site hosting trusted page can intercept webchannel responses

Description

References

Vulmon Search

About

Products

Connect