Endpoint Vulnerability

Privacy leak in JavaScript Workers

Description

Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack.

Affected Products

Firefox,Firefox ESR

References

CVE-2013-0774,