Endpoint Vulnerability

Same-origin bypass with web workers and XMLHttpRequest

Description

Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers.

Affected Products

Firefox,Firefox ESR

References

CVE-2013-1714,