Endpoint Vulnerability

Cross-origin information leak through web workers

Description

Security researcher Masato Kinugawa reported a cross-origin information leak through web workers' error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites.

Affected Products

Thunderbird

References

CVE-2014-1487,