The importScripts function in the Web Workers API implementation in Mozilla
Firefox before 43.0 allows remote attackers to bypass the Same Origin
Policy by triggering use of the no-cors mode in the fetch API to attempt
resource access that throws an exception, leading to information disclosure
after a rethrow.