Endpoint Vulnerability

Privacy leak in JavaScript Workers

Description

Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack.

Affected Products

SeaMonkey

References

CVE-2013-0774,