Cross-origin information leak through web workers error events

2015-12-15T00:00:00
ID MFSA2015-140
Type mozilla
Reporter Mozilla Foundation
Modified 2015-12-15T00:00:00

Description

Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites.

This issue affects other browsers as well and is not limited to Mozilla products.