A shared worker created from a “data:” URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 16.04 | |
ubuntu_linux | eq | 14.04 | |
ubuntu_linux | eq | 17.10 | |
firefox | lt | 59.0 |