Endpoint Vulnerability

Scripted proxies can access inner window

Description

Security researcher Andr Bargull reported that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window in violation of the specification.

Affected Products

SeaMonkey

References

CVE-2015-4502,