Security researcher Masato Kinugawa reported a cross-origin information leak through web workers' error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.